Dissertations / Theses on the topic 'Cloud data protection'
To see the other types of publications on this topic, follow the link: Cloud data protection.
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 dissertations / theses for your research on the topic 'Cloud data protection.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Oduyiga, Adeshola Oyesanya. "Security in Cloud Storage : A Suitable Security Algorithm for Data Protection." Thesis, Mittuniversitetet, Avdelningen för informationssystem och -teknologi, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:miun:diva-34428.
Full textAbstract:
The purpose of this thesis work was to conduct a general research on existing security techniques and come up with a considerable algorithm for data security in cloud storage. Cloud storage is an infrastructure or is a model of computer data storage in which the digital data is stored in logical pools. It unifies object storage for both developers and enterprises, from live applications data to cloud archival. It help to save valuable space on PC computers or mobile devices and provides the easy storage and access of data anywhere in the world. However, just as the benefits of cloud computing abounds, so also are the risks involved. If data are not well secured or encrypted before deployment for storage in the cloud, in case of negligence on the side of the developers, then hackers can gain unauthorized access to the data. The behavior of existing security algorithms on data were studied, the encryption and decryption process of the each algorithm on data was studied and also their weaknesses against attacks. Apart from data encryption, security policies also plays an important roll in cloud storage which was also covered in this report. The research work was conducted through the use of online publications, literature review, books, academic publications and reputable research materials. The study showed that regardless of the challenges in cloud storage, there is still a suitable algorithm for protecting data against attack in the cloud.
2
Syckor, Jens. "Dropbox & Co, alles schon ge-cloud?" Saechsische Landesbibliothek- Staats- und Universitaetsbibliothek Dresden, 2014. http://nbn-resolving.de/urn:nbn:de:bsz:14-qucosa-153998.
Full textAbstract:
Cloudspeicherdienste sind zu einem Standard für den Austausch großer Datenmengen in virtuellen Gemeinschaften geworden, sowohl im privaten Umfeld als auch im öffentlichen Bereich. Einfache Bedienbarkeit sowie nahtlose Integration in Applikationen, Betriebssystemen und Endgeräten sind wesentliche Bausteine dieses Siegeszuges.
3
Sobati, Moghadam Somayeh. "Contributions to Data Privacy in Cloud Data Warehouses." Thesis, Lyon, 2017. http://www.theses.fr/2017LYSE2020.
Full textAbstract:
Actuellement, les scénarios d’externalisation de données deviennent de plus en plus courants avec l’avènement de l’infonuagique. L’infonuagique attire les entreprises et les organisations en raison d’une grande variété d’avantages fonctionnels et économiques.De plus, l’infonuagique offre une haute disponibilité, le passage d’échelle et une reprise après panne efficace. L’un des services plus notables est la base de données en tant que service (Database-as-a-Service), où les particuliers et les organisations externalisent les données, le stockage et la gestion `a un fournisseur de services. Ces services permettent de stocker un entrepôt de données chez un fournisseur distant et d’exécuter des analysesen ligne (OLAP).Bien que l’infonuagique offre de nombreux avantages, elle induit aussi des problèmes de s´sécurité et de confidentialité. La solution usuelle pour garantir la confidentialité des données consiste à chiffrer les données localement avant de les envoyer à un serveur externe. Les systèmes de gestion de base de données sécurisés utilisent diverses méthodes de cryptage, mais ils induisent un surcoût considérable de calcul et de stockage ou révèlent des informations sur les données.Dans cette thèse, nous proposons une nouvelle méthode de chiffrement (S4) inspirée du partage secret de Shamir. S4 est un système homomorphique additif : des additions peuvent être directement calculées sur les données cryptées. S4 trait les points faibles des systèmes existants en réduisant les coûts tout en maintenant un niveau raisonnable de confidentialité. S4 est efficace en termes de stockage et de calcul, ce qui est adéquat pour les scénarios d’externalisation de données qui considèrent que l’utilisateur dispose de ressources de calcul et de stockage limitées. Nos résultats expérimentaux confirment l’efficacité de S4 en termes de surcoût de calcul et de stockage par rapport aux solutions existantes.Nous proposons également de nouveaux schémas d’indexation qui préservent l’ordre des données, OPI et waOPI. Nous nous concentrons sur le problème de l’exécution des requêtes exacts et d’intervalle sur des données chiffrées. Contrairement aux solutions existantes, nos systèmes empêchent toute analyse statistique par un adversaire. Tout en assurant la confidentialité des données, les schémas proposés présentent de bonnes performances et entraînent un changement minimal dans les logiciels existantsNowadays, data outsourcing scenarios are ever more common with the advent of cloud computing. Cloud computing appeals businesses and organizations because of a wide variety of benefits such as cost savings and service benefits. Moreover, cloud computing provides higher availability, scalability, and more effective disaster recovery rather than in-house operations. One of the most notable cloud outsourcing services is database outsourcing (Database-as-a-Service), where individuals and organizations outsource data storage and management to a Cloud Service Provider (CSP). Naturally, such services allow storing a data warehouse (DW) on a remote, untrusted CSP and running on-line analytical processing (OLAP).Although cloud data outsourcing induces many benefits, it also brings out security and in particular privacy concerns. A typical solution to preserve data privacy is encrypting data locally before sending them to an external server. Secure database management systems use various encryption schemes, but they either induce computational and storage overhead or reveal some information about data, which jeopardizes privacy.In this thesis, we propose a new secure secret splitting scheme (S4) inspired by Shamir’s secret sharing. S4 implements an additive homomorphic scheme, i.e., additions can be directly computed over encrypted data. S4 addresses the shortcomings of existing approaches by reducing storage and computational overhead while still enforcing a reasonable level of privacy. S4 is efficient both in terms of storage and computing, which is ideal for data outsourcing scenarios that consider the user has limited computation and storage resources. Experimental results confirm the efficiency of S4 in terms of computation and storage overhead with respect to existing solutions.Moreover, we also present new order-preserving schemes, order-preserving indexing (OPI) and wrap-around order-preserving indexing (waOPI), which are practical on cloud outsourced DWs. We focus on the problem of performing range and exact match queries over encrypted data. In contrast to existing solutions, our schemes prevent performing statistical and frequency analysis by an adversary. While providing data privacy, the proposed schemes bear good performance and lead to minimal change for existing software
4
Skolmen, Dayne Edward. "Protection of personal information in the South African cloud computing environment: a framework for cloud computing adoption." Thesis, Nelson Mandela Metropolitan University, 2016. http://hdl.handle.net/10948/12747.
Full textAbstract:
Cloud Computing has advanced to the point where it may be considered an attractive proposition for an increasing number of South African organisations, yet the adoption of Cloud Computing in South Africa remains relatively low. Many organisations have been hesitant to adopt Cloud solutions owing to a variety of inhibiting factors and concerns that have created mistrust in Cloud Computing. One of the top concerns identified is security within the Cloud Computing environment. The approaching commencement of new data protection legislation in South Africa, known as the Protection of Personal Information Act (POPI), may provide an ideal opportunity to address the information security-related inhibiting factors and foster a trust relationship between potential Cloud users and Cloud providers. POPI applies to anyone who processes personal information and regulates how they must handle, store and secure that information. POPI is considered to be beneficial to Cloud providers as it gives them the opportunity to build trust with potential Cloud users through achieving compliance and providing assurance. The aim of this dissertation is, therefore, to develop a framework for Cloud Computing adoption that will assist in mitigating the information security-related factors inhibiting Cloud adoption by fostering a trust relationship through compliance with the POPI Act. It is believed that such a framework would be useful to South African Cloud providers and could ultimately assist in the promotion of Cloud adoption in South Africa.
5
Xu, Cheng. "Authenticated query processing in the cloud." HKBU Institutional Repository, 2019. https://repository.hkbu.edu.hk/etd_oa/620.
Full textAbstract:
With recent advances in data-as-a-service (DaaS) and cloud computing, outsourcing data to the cloud has become a common practice. In a typical scenario, the data owner (DO) outsources the data and delegates the query processing service to a service provider (SP). However, as the SP is often an untrusted third party, the integrity of the query results cannot be guaranteed and is thus imperative to be authenticated. To tackle this issue, a typical approach is letting the SP provide a cryptographic proof, which can be used to verify the soundness and completeness of the query results by the clients. Despite extensive research on authenticated query processing for outsourced databases, existing techniques have only considered limited query types. They fail to address a variety of needs demanded by enterprise customers such as supporting aggregate queries over set-valued data, enforcing fine-grained access control, and using distributed computing paradigms. In this dissertation, we take the first step to comprehensively investigate the authenticated query processing in the cloud that fulfills the aforementioned requirements. Security analysis and performance evaluation show that the proposed solutions and techniques are robust and efficient under a wide range of system settings.
6
Cerf, Sophie. "control theory for computing systems : application to big-data cloud services & location privacy protection." Thesis, Université Grenoble Alpes (ComUE), 2019. http://www.theses.fr/2019GREAT024.
Full textAbstract:
Cette thèse présente une application de la théorie du contrôle pour les systèmes informatiques. Un algorithme de contrôle peut gérer des systèmes plus grands et plus complexes, même lorsqu'ils sont particulièrement sensibles aux variations de leur environnement. Cependant, l'application du contrôle aux systèmes informatiques soulève plusieurs défis, par exemple dû au fait qu'aucune physique ne les régisse. D'une part, le cadre mathématique fourni par la théorie du contrôle peut être utilisé pour améliorer l'automatisation, la robustesse et la fiabilité des systèmes informatiques. D'autre part, les défis spécifiques de ces cas d'étude permettent d'élargir la théorie du contrôle elle-même. L'approche adoptée dans ce travail consiste à utiliser deux systèmes informatiques d'application: la protection de vie privée liée à la mobilité et les performances des services clouds. Ces deux cas d'utilisation sont complémentaires par la nature de leurs technologies, par leur échelle et par leurs utilisateurs finaux.La popularité des appareils mobiles a favorisé la diffusion et la collecte des données de localisation, que ce soit pour que l'utilisateur bénéficie d'un service personnalisé (e.g. une planification d'itinéraire) ou pour que le prestataire de services tire des informations utiles des bases de données de mobilité (e.g. la popularité de lieux). En effet, de nombreuses informations peuvent être extraites de données de localisation, y compris des données personnelles très sensibles. Pour remédier à cette atteinte à la vie privée, des mécanismes de protection spécifiques aux données de mobilité (LPPM) ont été élaborés. Ce sont des algorithmes qui modifient les données de localisation de l'utilisateur, dans le but de cacher des informations sensibles. Cependant, ces outils ne sont pas facilement configurables par des non experts et sont des processus statiques qui ne s'adaptent pas à la mobilité de l'utilisateur. Dans cette thèse, nous développons deux outils, l'un pour les bases de données déjà collectées et l'autre pour l'utilisation en ligne, qui garantissent aux utilisateurs des niveaux de protection de la vie privée et de préservation de la qualité des services en configurant les LPPMs. Nous présentons la première formulation du problème en termes de théorie du contrôle (système et contrôleur, signaux d’entrée et de sortie), et un contrôleur PI pour servir de démonstration d’applicabilité. Dans les deux cas, la conception, la mise en œuvre et la validation ont été effectuées par le biais d'expériences utilisant des données d'utilisateurs réels recueillies sur le terrain.L'essor récent des bigdata a conduit au développement de programmes capables de les analyser, tel que MapReduce. Les progrès des pratiques informatiques ont également permis d'établir le modèle du cloud (où il est possible de louer des ressources de bas niveau pour permettre le développement d'applications de niveau supérieur sans se préoccuper d'investissement ou de maintenance) comme une solution incontournable pour tous types d'utilisateurs. Garantir les performances des tâches MapReduce exécutées sur les clouds est donc une préoccupation majeure pour les grandes entreprises informatiques et leurs clients. Dans ce travail, nous développons des techniques avancées de contrôle du temps d'exécution des tâches et de la disponibilité de la plate-forme en ajustant la taille du cluster de ressources et en réalisant un contrôle d'admission, fonctionnant quelle que soit la charge des clients. Afin de traiter les non linéarités de MapReduce, un contrôleur adaptatif a été conçu. Pour réduire l'utilisation du cluster (qui entraîne des coûts financiers et énergétiques considérables), nous présentons une nouvelle formulation du mécanisme de déclenchement du contrôle événementiel, combiné à un contrôleur prédictif optimal. L'évaluation est effectuée sur un benchmark s'exécutant en temps réel sur un cluster, et en utilisant des charges de travail industriellesThis thesis presents an application of Control Theory for Computing Systems. It aims at investigating techniques to build and control efficient, dependable and privacy-preserving computing systems. Ad-hoc service configuration require a high level of expertise which could benefit from automation in many ways. A control algorithm can handle bigger and more complex systems, even when they are extremely sensitive to variations in their environment. However, applying control to computing systems raises several challenges, e.g. no physics governs the applications. On one hand, the mathematical framework provided by control theory can be used to improve automation and robustness of computing systems. Moreover, the control theory provides by definition mathematical guarantees that its objectives will be fulfilled. On the other hand, the specific challenges of such use cases enable to expand the control theory itself. The approach taken in this work is to use two application computing systems: location privacy and cloud control. Those two use-cases are complementary in the nature of their technologies and softwares, their scale and in their end-users.The widespread of mobile devices has fostered the broadcasting and collection of users’ location data. It could be for the user to benefit from a personalized service (e.g. weather forecast or route planning) or for the service provider or any other third party to derive useful information from the mobility databases (e.g. road usage frequency or popularity of places). Indeed, many information can be retrieved from location data, including highly sensitive personal data. To overcome this privacy breach, Location Privacy Protection Mechanisms (LPPMs) have been developed. They are algorithm that modify the user’s mobility data, hopefully to hide some sensitive information. However, those tools are not easily configurable by non experts and are static processes that do not adapt to the user’s mobility. We develop two tools, one for already collected databases and one for online usage, that, by tuning the LPPMs, guarantee to the users objective-driven levels of privacy protection and of service utility preservation. First, we present an automated tool able to choose and configure LPPMs to protect already collected databases while ensuring a trade-off between privacy protection and database processing quality. Second, we present the first formulation of the location privacy challenge in control theory terms (plant and control, disturbance and performance signals), and a feedback controller to serve as a proof of concept. In both cases, design, implementation and validation has been done through experiments using data of real users collected on the field.The surge in data generation of the last decades, the so-called bigdata, has lead to the development of frameworks able to analyze them, such as the well known MapReduce. Advances in computing practices has also settled the cloud paradigms (where low-level resources can be rented to allow the development of higher level application without dealing with consideration such as investment in hardware or maintenance) as premium solution for all kind of users. Ensuring the performances of MapReduce jobs running on clouds is thus a major concern for the big IT companies and their clients. In this work, we develop advanced monitoring techniques of the jobs execution time and the platform availability by tuning the resource cluster size and realizing admission control, in spite of the unpredictable client workload. In order to deal with the non linearities of the MapReduce system, a robust adaptive feedback controller has been designed. To reduce the cluster utilization (leading to massive financial and energetic costs), we present a new event-based triggering mechanism formulation combined with an optimal predictive controller. Evaluation is done on a MapReduce benchmark suite running on a large-scale cluster, and using real jobs workloads
7
Van, der Schyff Karl Izak. "Cloud information security : a higher education perspective." Thesis, Rhodes University, 2014. http://hdl.handle.net/10962/d1011607.
Full textAbstract:
In recent years higher education institutions have come under increasing financial pressure. This has not only prompted universities to investigate more cost effective means of delivering course content and maintaining research output, but also to investigate the administrative functions that accompany them. As such, many South African universities have either adopted or are in the process of adopting some form of cloud computing given the recent drop in bandwidth costs. However, this adoption process has raised concerns about the security of cloud-based information and this has, in some cases, had a negative impact on the adoption process. In an effort to study these concerns many researchers have employed a positivist approach with little, if any, focus on the operational context of these universities. Moreover, there has been very little research, specifically within the South African context. This study addresses some of these concerns by investigating the threats and security incident response life cycle within a higher education cloud. This was done by initially conducting a small scale survey and a detailed thematic analysis of twelve interviews from three South African universities. The identified themes and their corresponding analyses and interpretation contribute on both a practical and theoretical level with the practical contributions relating to a set of security driven criteria for selecting cloud providers as well as recommendations for universities who have or are in the process of adopting cloud computing. Theoretically several conceptual frameworks are offered allowing the researcher to convey his understanding of how the aforementioned practical concepts relate to each other as well as the concepts that constitute the research questions of this study.
8
Villarino, Marzo Jorge. "La privacidad en el entorno del cloud computing." Doctoral thesis, Universitat Abat Oliba, 2017. http://hdl.handle.net/10803/456904.
Full textAbstract:
L’evolució tecnològica ha tingut un enorme impacte en els drets fonamentals, donant lloc al naixement de la quarta generació de drets. Un d’aquests drets ha sigut, sens dubte, el dret a la protecció de dades. La privacitat constitueix una de les grans preocupacions de la societat. Per aquesta raó, qualsevol desenvolupament tecnològic planteja nous reptes a la regulació de la protecció de dades.
La computació en núvol és una nova realitat tecnològica caracteritzada per la ubiqüitat, l’elasticitat, el dinamisme, la virtualització, l’escalabilitat i el pagament sota demanda.
En aquest treball s’analitza si la regulació actual del dret fonamental a la protecció de dades és vàlida per fer front als reptes que planteja la computació en núvol o si és necessari un nou règim jurídic.La evolución tecnológica ha tenido un enorme impacto en los derechos fundamentales, dando lugar al nacimiento de la cuarta generación de derechos. Uno de estos derechos ha sido, sin duda, el derecho a la protección de datos. La privacidad constituye una de las grandes preocupaciones de la sociedad. Por esta razón, cualquier desarrollo tecnológico plantea nuevos retos a la regulación de la protección de datos La computación en nube es una nueva realidad tecnológica caracterizada por la ubicuidad, la elasticidad, el dinamismo, la virtualización, la escalabilidad y el pago bajo demanda. En este trabajo se analiza si la regulación actual del derecho fundamental a la protección de datos es válida para hacer frente a los retos que plantea la computación en nube o si es necesario un nuevo régimen jurídico
The technological evolution has had a great impact on fundamental rights, giving rise to the fourth generation of human rights. One of these has been, with no doubts, the right to data protection. Privacy is one of the main concerns of society. For this reason, any new technological development poses new challenges to data protection regulation. Cloud computing is a new technological reality characterized by ubiquity, elasticity, dynamism, virtualization, scalability and pay on demand. In this dissertation we will analyze if the current data protection regulation is valid to face the new challenges pose by cloud computing or if a new legal regime is mandatory.
9
Imine, Youcef. "Cloud computing security." Thesis, Compiègne, 2019. http://www.theses.fr/2019COMP2520.
Full textAbstract:
Ces dernières années, nous assistons à une immense révolution numérique de l’internet où de nombreuses applications, innovantes telles que l’internet des objets, les voitures autonomes, etc., ont émergé. Par conséquent, l’adoption des technologies d’externalisations des données, telles que le cloud ou le fog computing, afin de gérer cette expansion technologique semble inévitable. Cependant, l’utilisation du cloud ou du fog computing en tant que plateforme d’externalisation pour le stockage ou le partage des données crée plusieurs défis scientifiques. En effet, externaliser ses données signifie que l’utilisateur perd le contrôle sur ces derniers. D’où la sécurité des données devienne une préoccupation majeure qui doit être proprement traitée. C’est dans ce contexte que s’inscrivent les travaux de cette thèse dans laquelle nous avons déterminé dans un premier temps les principaux problèmes de sécurité liés à l’adoption du cloud et du fog computing. Puis, nous avons adressé trois problématiques de sécurité majeure, qui sont : 1 - Le contrôle d’accès aux données dans une architecture de type Cloud storage, où nous avons proposé une nouvelle solution de contrôle d’accès basée sur le chiffrement à base d’attributs. Notre solution assure un contrôle d’accès souple et à grains fins. De plus, elle permet d’effectuer une révocation immédiate des utilisateurs et des attributs sans aucune mise à jour des clés de chiffrement fournies aux utilisateurs. 2 - Le problème de l’authentification mutuelle entre les utilisateurs et les serveurs Fog dans une architecture Fog computing, où nous avons proposé un nouveau schéma d’authentification efficace, qui assure l’authentification mutuelle et qui est robuste contre les comportements malicieux des serveurs Fog. 3 - Le problème de traçabilité et de la protection de la vie privée dans le cadre des applications de partage d’informations publiques, où nous avons proposé une nouvelle solution pour le partage d’informations publiques assurant le service de traçabilité tout en préservant les informations privées des utilisateurs. Avec notre solution, les serveurs d’externalisations authentifient les utilisateurs sans pouvoir obtenir des informations sur leur vie privée. En cas de comportements malicieux, notre solution permet de tracer les utilisateurs malveillants grâce à une autoritéThese last years, we are witnessing a real digital revolution of Internet where many innovative applications such as Internet of Things, autonomous cars, etc., have emerged. Consequently, adopting externalization technologies such as cloud and fog computing to handle this technological expansion seems to be an inevitable outcome. However, using the cloud or fog computing as a data repository opens many challenges in prospect. This thesis addresses security issues in cloud and fog computing which is a major challenge that need to be appropriately overcomed. Indeed, adopting these technologies means that the users lose control over their own data, which exposes it to several security threats. Therefore, we first investigated the main security issues facing the adoption of cloud and fog computing technologies. As one of the main challenges pointed in our investigation, access control is indeed a cornerstone of data security. An efficient access control mechanism must provide enforced and flexible access policies that ensure data protection, even from the service provider. Hence, we proposed a novel secure and efficient attribute based access control scheme for cloud data-storage applications. Our solution ensures flexible and fine-grained access control and prevents security degradations. Moreover, it performs immediate users and attributes revocation without any key regeneration. Authentication service in fog computing architecture is another issue that we have addressed in this thesis. Some traditional authentication schemes endure latency issues while others do not satisfy fog computing requirements such as mutual authentication between end-devices and fog servers. Thus, we have proposed a new, secure and efficient authentication scheme that ensures mutual authentication at the edge of the network and remedies to fog servers' misbehaviors.Finally, we tackled accountability and privacy-preserving challenges in information-sharing applications for which several proposals in the literature have treated privacy issues, but few of them have considered accountability service. Therefore, we have proposed a novel accountable privacy preserving solution for public information sharing in data externalization platforms. Externalization servers in our scheme authenticate any user in the system without violating its privacy. In case of misbehavior, our solution allows to trace malicious users thanks to an authority
10
Trebulová, Debora. "Zálohování dat a datová úložiště." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2017. http://www.nusl.cz/ntk/nusl-318599.
Full textAbstract:
This diploma thesis focuses on ways of backing up data and their practical use in a specific proposal for Transroute Group s.r.o.. In the introduction part the theoretical knowledge on this issue is presented. Next part of the thesis deals with the analysis of the current state of backup in the company. This section is followed by a chapter where several solutions are presented each with their financial evaluation. The ending part is composed of the choice of a specific solution and a time estimate for its implementation.
11
Ladjel, Riad. "Secure distributed computations for the personal cloud." Electronic Thesis or Diss., université Paris-Saclay, 2020. http://www.theses.fr/2020UPASG043.
Full textAbstract:
Grâce aux “smart disclosure initiatives”, traduit en français par « ouvertures intelligentes » et aux nouvelles réglementations comme le RGPD, les individus ont la possibilité de reprendre le contrôle sur leurs données en les stockant localement de manière décentralisée. En parallèle, les solutions dites de clouds personnels ou « système personnel de gestion de données » se multiplient, leur objectif étant de permettre aux utilisateurs d'exploiter leurs données personnelles pour leur propre bien.Cette gestion décentralisée des données personnelles offre une protection naturelle contre les attaques massives sur les serveurs centralisés et ouvre de nouvelles opportunités en permettant aux utilisateurs de croiser leurs données collectées auprès de différentes sources. D'un autre côté, cette approche empêche le croisement de données provenant de plusieurs utilisateurs pour effectuer des calculs distribués.L'objectif de cette thèse est de concevoir un protocole de calcul distribué, générique, qui passe à l’échelle et qui permet de croiser les données personnelles de plusieurs utilisateurs en offrant de fortes garanties de sécurité et de protection de la vie privée. Le protocole répond également aux deux questions soulevées par cette approche : comment préserver la confiance des individus dans leur cloud personnel lorsqu'ils effectuent des calculs croisant des données provenant de plusieurs individus ? Et comment garantir l'intégrité du résultat final lorsqu'il a été calculé par une myriade de clouds personnels collaboratifs mais indépendants ?Thanks to smart disclosure initiatives and new regulations like GDPR, individuals are able to get the control back on their data and store them locally in a decentralized way. In parallel, personal data management system (PDMS) solutions, also called personal clouds, are flourishing. Their goal is to empower users to leverage their personal data for their own good. This decentralized way of managing personal data provides a de facto protection against massive attacks on central servers and opens new opportunities by allowing users to cross their data gathered from different sources. On the other side, this approach prevents the crossing of data from multiple users to perform distributed computations. The goal of this thesis is to design a generic and scalable secure decentralized computing framework which allows the crossing of personal data of multiple users while answering the following two questions raised by this approach. How to preserve individuals' trust on their PDMS when performing global computations crossing data from multiple individuals? And how to guarantee the integrity of the final result when it has been computed by a myriad of collaborative but independent PDMSs?
12
Chernikau, Ivan. "Ochrana soukromí v cloudu." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2019. http://www.nusl.cz/ntk/nusl-399610.
Full textAbstract:
In the Master’s thesis were described privacy protection problems while using cloud technologies. Some of the problems can be solved with help of homomorphic encryption, data splitting or searchable encryption. These techniques were described and compared by provided security, privacy protection and efficiency. The data splitting technique was chosen and implemented in the C language. Afterwards a performance of the implemented solution was compared to AES encryption/decryption performance. An application for secured data storing in cloud was designed and implemented. This application is using the implemented data splitting technique and third-party application CloudCross. The designed application provides command line interface (CLI) and graphical user interface (GUI). GUI extends the capabilities of CLI with an ability to register cloud and with an autodetection of registered clouds. The process of uploading/downloading the data to/from cloud storage is transparent and it does not overload the user with technical details of used data splitting technique.
13
Moataz, Tarik. "Searching over encrypted data." Thesis, Télécom Bretagne, 2016. http://www.theses.fr/2016TELB0418/document.
Full textAbstract:
Les services cloud offrent des coûts réduits, une élasticité et un espace de stockage illimité qui attirent de nombreux utilisateurs. Le partage de fichiers, les plates-formes collaboratives, les plateformes de courrier électroniques, les serveurs de sauvegarde et le stockage de fichiers sont parmi les services qui font du cloud un outil essentiel pour une utilisation quotidienne. Actuellement, la plupart des systèmes d'exploitation proposent des applications de stockage externalisées intégrées, par conception, telles que One Drive et iCloud, en tant que substituts naturels succédant au stockage local. Cependant, de nombreux utilisateurs, même ceux qui sont disposés à utiliser les services susmentionnés, restent réticents à adopter pleinement le stockage et les services sous-traités dans le cloud. Les préoccupations liées à la confidentialité des données augmentent l'incertitude pour les utilisateurs qui conservent des informations sensibles. Il existe de nombreuses violations récurrentes de données à l'échelle mondiale qui ont conduit à la divulgation d'informations sensibles par les utilisateurs. Pour en citer quelques-uns : une violation de Yahoo fin 2014 et annoncé publiquement en Septembre 2016, connue comme la plus grande fuite de données de l'histoire d'Internet, a conduit à la divulgation de plus de 500 millions de comptes utilisateur ; une infraction aux assureurs-maladie, Anthem en février 2015 et Premera BlueCross BlueShield en mars 2015, qui a permis la divulgation de renseignements sur les cartes de crédit, les renseignements bancaires, les numéros de sécurité sociale, pour des millions de clients et d'utilisateurs. Une contre-mesure traditionnelle pour de telles attaques dévastatrices consiste à chiffrer les données des utilisateurs afin que même si une violation de sécurité se produit, les attaquants ne peuvent obtenir aucune information à partir des données. Malheureusement, cette solution empêche la plupart des services du cloud, et en particulier, la réalisation des recherches sur les données externalisées.Les chercheurs se sont donc intéressés à la question suivante : comment effectuer des recherches sur des données chiffrées externalisées tout en préservant une communication, un temps de calcul et un stockage acceptables ? Cette question avait plusieurs solutions, reposant principalement sur des primitives cryptographiques, offrant de nombreuses garanties de sécurité et d'efficacité. Bien que ce problème ait été explicitement identifié pendant plus d'une décennie, de nombreuses dimensions de recherche demeurent non résolues. Dans ce contexte, le but principal de cette thèse est de proposer des constructions pratiques qui sont (1) adaptées aux déploiements dans les applications réelles en vérifiant les exigences d'efficacité nécessaires, mais aussi, (2) en fournissant de bonnes assurances de sécurité. Tout au long de notre recherche, nous avons identifié le chiffrement cherchable (SSE) et la RMA inconsciente (ORAM) comme des deux potentielles et principales primitives cryptographiques candidates aux paramètres des applications réelles. Nous avons identifié plusieurs défis et enjeux inhérents à ces constructions et fourni plusieurs contributions qui améliorent significativement l'état de l'art.Premièrement, nous avons contribué à rendre les schémas SSE plus expressifs en permettant des requêtes booléennes, sémantiques et de sous-chaînes. Cependant, les praticiens doivent faire très attention à préserver l'équilibre entre la fuite d'information et le degré d'expressivité souhaité. Deuxièmement, nous améliorons la bande passante de l'ORAM en introduisant une nouvelle structure récursive de données et une nouvelle procédure d'éviction pour la classe d'ORAM ; nous introduisons également le concept de redimensionnabilibté dans l'ORAM qui est une caractéristique requise pour l'élasticité de stockage dans le cloudCloud services offer reduced costs, elasticity and a promised unlimited managed storage space that attract many end-users. File sharing, collaborative platforms, email platforms, back-up servers and file storage are some of the services that set the cloud as an essential tool for everyday use. Currently, most operating systems offer built-in outsourced cloud storage applications, by design, such as One Drive and iCloud, as natural substitutes succeeding to the local storage. However, many users, even those willing to use the aforementioned cloud services, remain reluctant towards fully adopting cloud outsourced storage and services. Concerns related to data confidentiality rise uncertainty for users maintaining sensitive information. There are many, recurrent, worldwide data breaches that led to the disclosure of users' sensitive information. To name a few: a breach of Yahoo late 2014 and publicly announced on September 2016, known as the largest data breach of Internet history, led to the disclosure of more than 500 million user accounts; a breach of health insurers, Anthem in February 2015 and Premera BlueCross BlueShield in March 2015, that led to the disclosure of credit card information, bank account information, social security numbers, data income and more information for more than millions of customers and users. A traditional countermeasure for such devastating attacks consists of encrypting users' data so that even if a security breach occurs, the attackers cannot get any information from the data. Unfortunately, this solution impedes most of cloud services, and in particular, searching on outsourced data. Researchers therefore got interrested in the fllowing question: how to search on outsourced encrypted data while preserving efficient communication, computation and storage overhead? This question had several solutions, mostly based on cryptographic primitives, offering numerous security and efficiency guarantees. While this problem has been explicitly identified for more than a decade, many research dimensions remain unsolved. The main goal of this thesis is to come up with practical constructions that are (1) suitable for real life deployments verifying necessary efficiency requirements, but also, (2) providing good security insurances. Throughout our reseach investigation, we identified symmetric searchable encryption (SSE) and oblivious RAM (ORAM) as the two potential and main cryptographic primitives' candidate for real life settings. We have recognized several challenges and issues inherent to these constructions and provided a number of contributions that improve upon the state of the art. First, we contributed to make SSE schemes more expressive by enabling Boolean, semantic, and substring queries. Practitioners, however, need to be very careful about the provided balance between the security leakage and the degree of desired expressiveness. Second, we improve ORAM's bandwidth by introducing a novel recursive data structure and a new eviction procedure for the tree-based class of ORAM contructions, but also, we introduce the concept of resizability in ORAM which is a required feature for cloud storage elasticity
14
Carpen-Amarie, Alexandra. "BlobSeer as a data-storage facility for clouds : self-Adaptation, integration, evaluation." Thesis, Cachan, Ecole normale supérieure, 2011. http://www.theses.fr/2011DENS0066/document.
Full textAbstract:
L’émergence de l’informatique dans les nuages met en avant de nombreux défis qui pourraient limiter l’adoption du paradigme Cloud. Tandis que la taille des données traitées par les applications Cloud augmente exponentiellement, un défi majeur porte sur la conception de solutions efficaces pour la gestion de données. Cette thèse a pour but de concevoir des mécanismes d’auto-adaptation pour des systèmes de gestion de données, afin qu’ils puissent répondre aux exigences des services de stockage Cloud en termes de passage à l’échelle, disponibilité et sécurité des données. De plus, nous nous proposons de concevoir un service de données qui soit à la fois compatible avec les interfaces Cloud standard dans et capable d’offrir un stockage de données à haut débit. Pour relever ces défis, nous avons proposé des mécanismes génériques pour l’auto-connaissance, l’auto-protection et l’auto-configuration des systèmes de gestion de données. Ensuite, nous les avons validés en les intégrant dans le logiciel BlobSeer, un système de stockage qui optimise les accès hautement concurrents aux données. Finalement, nous avons conçu et implémenté un système de fichiers s’appuyant sur BlobSeer, afin d’optimiser ce dernier pour servir efficacement comme support de stockage pour les services Cloud. Puis, nous l’avons intégré dans un environnement Cloud réel, la plate-forme Nimbus. Les avantages et les désavantages de l’utilisation du stockage dans le Cloud pour des applications réelles sont soulignés lors des évaluations effectuées sur Grid’5000. Elles incluent des applications à accès intensif aux données, comme MapReduce, et des applications fortement couplées, comme les simulations atmosphériquesThe emergence of Cloud computing brings forward many challenges that may limit the adoption rate of the Cloud paradigm. As data volumes processed by Cloud applications increase exponentially, designing efficient and secure solutions for data management emerges as a crucial requirement. The goal of this thesis is to enhance a distributed data-management system with self-management capabilities, so that it can meet the requirements of the Cloud storage services in terms of scalability, data availability, reliability and security. Furthermore, we aim at building a Cloud data service both compatible with state-of-the-art Cloud interfaces and able to deliver high-throughput data storage. To meet these goals, we proposed generic self-awareness, self-protection and self-configuration components targeted at distributed data-management systems. We validated them on top of BlobSeer, a large-scale data-management system designed to optimize highly-concurrent data accesses. Next, we devised and implemented a BlobSeer-based file system optimized to efficiently serve as a storage backend for Cloud services. We then integrated it within a real-world Cloud environment, the Nimbus platform. The benefits and drawbacks of using Cloud storage for real-life applications have been emphasized in evaluations that involved data-intensive MapReduce applications and tightly-coupled, high-performance computing applications
15
Spáčil, Michael. "Zálohování dat a datová úložiště." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2021. http://www.nusl.cz/ntk/nusl-444686.
Full textAbstract:
The diploma thesis is focused on the design of a backup system to increase the efficiency of working with stored data and increase the security of stored data. The analysis of the current state describes the company itself and also the backup system using the audit portal Zefis.cz. The following part describes the design of a new backup system that focuses on complexity using the cloud, magnetic tapes, and high server availability.
16
Vasilopoulos, Dimitrios. "Reconciling cloud storage functionalities with security : proofs of storage with data reliability and secure deduplication." Electronic Thesis or Diss., Sorbonne université, 2019. http://www.theses.fr/2019SORUS399.
Full textAbstract:
Dans cette thèse, nous étudions en profondeur le problème de la vérifiabilité des systèmes de stockage en nuage. Suite à notre étude des preuves de stockage et nous avons identifié des limitations par rapport à deux caractéristiques essentielles aux systèmes de stockage en nuage: la fiabilité du stockage des données avec une maintenance automatique et la déduplication des données. Pour faire face à la première limitation, nous introduisons la notion de preuve de fiabilité des données, un schéma de vérification complet visant à résoudre le conflit entre la vérification fiable du stockage des données et la maintenance automatique. Nous proposons deux schémas de preuve de fiabilité des données, à savoir POROS et PORTOS, qui permettent de vérifier un mécanisme de stockage fiable de données tout en permettant au fournisseur de stockage en nuage d'effectuer de manière autonome des opérations de maintenance automatique. En ce qui concerne la deuxième caractéristique, nous traitons le conflit entre les preuves de stockage et la déduplication. Plus précisément nous proposons une preuve de stockage à message verrouillé c'est-à-dire une solution combinant les preuves de stockage avec la déduplication. De plus, nous proposons un nouveau protocole de génération de clé à message verrouillé qui résiste mieux aux attaques de dictionnaire hors ligne par rapport aux solutions existantesIn this thesis we study in depth the problem of verifiability in cloud storage systems. We study Proofs of Storage -a family of cryptographic protocols that enable a cloud storage provider to prove to a user that the integrity of her data has not been compromised- and we identify their limitations with respect to two key characteristics of cloud storage systems, namely, reliable data storage with automatic maintenance and data deduplication. To cope with the first characteristic, we introduce the notion of Proofs of Data Reliability, a comprehensive verification scheme that aims to resolve the conflict between reliable data storage verification and automatic maintenance. We further propose two Proofs of Data Reliability schemes, namely POROS and PORTOS, that succeed in verifying reliable data storage and, at the same time, enable the cloud storage provider to autonomously perform automatic maintenance operations. As regards to the second characteristic, we address the conflict between Proofs of Storage and deduplication. More precisely, inspired by previous attempts in solving the problem of deduplicating encrypted data, we propose message-locked PoR, a solution that combines Proofs of Storage with deduplication. In addition, we propose a novel message-locked key generation protocol which is more resilient against off-line dictionary attacks compared to existing solutions
17
Tourne, Elise. "Le phénomène de circulation des données à caractère personnel dans le cloud : étude de droit matériel dans le contexte de l'Union européenne." Thesis, Lyon, 2018. http://www.theses.fr/2018LYSE3012/document.
Full textAbstract:
Le régime juridique applicable à la collecte et à l’exploitation par les fournisseurs de services de cloud computing des données à caractère personnel de leurs utilisateurs constitue une source d’interrogation pour ces derniers. De fait, aucun régime juridique organisé ne permet aujourd’hui de réguler de manière globale, au niveau de l’Union européenne, le phénomène de circulation des données à caractère personnel dans le cloud, que ce soit de manière directe ou indirecte. Il apparaît, dès lors, nécessaire de s’interroger sur la manière dont le droit s’est organisé en conséquence et d’analyser les traitements complémentaires et/ou alternatifs actuellement offerts par le droit, certes moins structurellement organisés et mosaïques, mais plus pragmatiques, réalistes et politiquement viables. Historiquement, le phénomène de circulation a été presque exclusivement traité via le droit spécifique à la protection des données à caractère personnel découlant de l’Union européenne. Ce droit, souvent considéré par opposition au droit à la libre circulation des données, constituait initialement une émanation du droit à la protection de la vie privée avant d’être consacré en tant que droit fondamental de l’Union européenne. Le traitement offert par le droit à la protection des données, s’il cible directement les données au cœur du phénomène de circulation dans le cloud, ne couvre que partiellement ledit phénomène. De surcroît, malgré l’entrée en vigueur du Règlement 2016/679 relatif à la protection des personnes physiques à l’égard du traitement des données à caractère personnel et à la libre circulation de ces données, il possède une efficacité contestable, ne proposant pas de solution harmonisée au sein de l’Union européenne et étant dépendant de la bonne volonté et des moyens financiers, organisationnels et humains des Etats Membres. Les traitements alternatifs ou complémentaires au droit à la protection des données qui existent au sein de l’Union européenne, qui peuvent être répartis entre outils techniques, contractuels et législatifs, n’offrent qu’une appréhension indirecte du phénomène de circulation via un encadrement de son environnement cloud. Individuellement, ils ne permettent d’appréhender qu’un aspect très réduit du phénomène de circulation, de surcroît avec une efficacité plus ou moins grande. En outre, les outils techniques et contractuels n’ont pas la légitimité attachée aux outils législatifs. Néanmoins, associés les uns aux autres, ils permettent de cibler le phénomène de circulation des données de manière plus globale et efficaceThe legal framework applicable to the gathering and processing by cloud service providers of the personal data of their users raises questions for such users. De facto, there does not now exist an organized legal framework allowing for the regulation, at the European Union level and as a whole, of the flow of personal data in the cloud, whether directly or indirectly. It thus seems necessary to question the way law organized itself consequently and analyze the complementary and/or alternative treatments offered by law, which are less structurally organized and are mosaical, but are more pragmatic, realistic and politically sustainable. Historically, the flow of personal data has been dealt almost exclusively via the specific right to the protection of personal data, which derives from the European Union. Such right, often considered in opposition to the right to the free circulation of data, was initially an emanation of the right to privacy before being established as a fundamental right of the European Union. The treatment provided by the right to the protection of personal data, if it targets directly the data within the flow phenomena, only partly covers such phenomena. In addition, despite the entry into force of the Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, its effectiveness is questionable, not offering any harmonized solution within the European Union and being highly dependent on the goodwill and the financial, organizational and human means of the Member States. The complementary and/or alternative treatments to the right to the protection of personal data that exist within the European Union, which may be allocated among technical, contractual and regulatory tools, only approach the data flow phenomena indirectly by providing a framework to its environment. Individually, they only target one very limited aspect of the data flow phenomena, with more or less effectiveness. Furthermore, technical and contractual tools have not the legitimacy attached to the regulatory tools. However, associated one with another, they allow a more global and efficient targeting of the data flow phenomena
18
Kontargyris, Xenofon [Verfasser]. "IT Laws in the Era of Cloud-Computing : A Comparative Analysis between EU and US Law on the Case Study of Data Protection and Privacy / Xenofon Kontargyris." Baden-Baden : Nomos Verlagsgesellschaft mbH & Co. KG, 2018. http://d-nb.info/1175743518/34.
Full text
19
Chenette, Nathan Lee. "Symmetric schemes for efficient range and error-tolerant search on encrypted data." Diss., Georgia Institute of Technology, 2012. http://hdl.handle.net/1853/48976.
Full textAbstract:
Large-scale data management systems rely more and more on cloud storage, where the need for efficient search capabilities clashes with the need for data confidentiality. Encryption and efficient accessibility are naturally at odds, as for instance strong encryption necessitates that ciphertexts reveal nothing about underlying data. Searchable encryption is an active field in cryptography studying encryption schemes that provide varying levels of efficiency, functionality, and security, and efficient searchable encryption focuses on schemes enabling sub-linear (in the size of the database) search time. I present the first cryptographic study of efficient searchable symmetric encryption schemes supporting two types of search queries, range queries and error-tolerant queries. The natural solution to accommodate efficient range queries on ciphertexts is to use order-preserving encryption (OPE). I propose a security definition for OPE schemes, construct the first OPE scheme with provable security, and further analyze security by characterizing one-wayness of the scheme. Efficient error-tolerant queries are enabled by efficient fuzzy-searchable encryption (EFSE). For EFSE, I introduce relevant primitives, an optimal security definition and a (somewhat space-inefficient, but in a sense efficient as possible) scheme achieving it, and more efficient schemes that achieve a weaker, but practical, security notion. In all cases, I introduce new appropriate security definitions, construct novel schemes, and prove those schemes secure under standard assumptions. The goal of this line of research is to provide constructions and provable security analysis that should help practitioners decide whether OPE or FSE provides a suitable efficiency-security-functionality tradeoff for a given application.
20
Johnsson, Lovisa. "Dataskyddsförordningens tillämplighet vid personuppgiftshantering i molntjänster : En studie av Dataskyddsförordningen, utifrån perspektivet användande av molntjänster." Thesis, Linköpings universitet, Affärsrätt, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-137192.
Full textAbstract:
För att förbättra säkerhetsarbetet och för att skapa harmonisering inom EU vad gäller skydd av personuppgifter antogs i april år 2016 en ny EU-förordning om dataskydd, General Data Protection Regulation (GDPR), även benämnd Dataskyddsförordningen. Förordningen börjar gälla som lag i Sverige först den 25 maj år 2018. Införandet av förordningen kommer innebära att Europaparlamentets och rådets direktiv 95/46/EG av den 24 oktober 1995 om skydd för enskilda personer med avseende på behandling av personuppgifter och om det fria flödet av sådana uppgifter samt Personuppgiftslagen (1998:204) (PUL) upphör att gälla. Det huvudsakliga syftet med Dataskyddsförordningen är att ytterligare harmonisera och effektivisera skyddet av personuppgifter för att förbättra den inre marknadens funktion samt att öka den enskildas kontroll över sina personuppgifter. Dataskyddsförordningen är direkt tillämplig som lag i samtliga medlemsländer och kommer efter ikraftträdande utgöra grunden för generell personuppgiftsbehandling inom hela EU. Det har under de senaste åren blivit allt mer vanligt att företag, organisationer, kommuner och myndigheter använder sig av molntjänster. Molntjänster är intressanta ur ett juridiskt perspektiv eftersom de mest uppmärksammade juridiska frågeställningarna angående molntjänster är frågor hänförliga till hantering av personuppgifter och säkerhet. I uppsatsen redogörs för införandet av Dataskyddsförordningen (GDPR) utifrån perspektivet företags, organisationer, kommuners och myndigheters användande av molntjänster. I uppsatsen beskrivs även molntjänsters funktioner och egenskaper. Dataskyddsförordningen är nyligen antagen och utgör ännu inte svensk lag, förordningen baseras däremot i stora delar på Dataskyddsdirektivets innehåll och struktur. Dataskyddsdirektivet och PUL studeras därför i uppsatsen för att få en förståelse för bestämmelserna i Dataskyddsförordningen. Molntjänster finns i flera olika tekniska lösningar och är även gränsöverskridande, vilket innebär att användande av molntjänster i vissa fall innebär att personuppgifter överförs till ett tredje land. Uppsatsen behandlar därmed tillämpliga bestämmelser avseende överföringar av personuppgifter till tredje land. Uppsatsen avslutas med en analys och en slutsats. I slutsatsen konstateras att förordningen ger ett förstärkt skydd för den registrerade vid hantering av personuppgifter i molntjänster samt att förordningens utökade territoriella tillämpningsområde innebär att förordningen är bättre anpassad till molntjänstanvändande. Vidare konstateras i slutsatsen att rättsläget för överföringar av personuppgifter till USA med stöd av Privacy Shield-överenskommelsen för närvarande är osäkert.
21
Kroft, Karel. "Audit cloudových služeb pro malé a střední podniky." Master's thesis, Vysoká škola ekonomická v Praze, 2014. http://www.nusl.cz/ntk/nusl-203958.
Full textAbstract:
Cloud computing brings to the world of information systems many opportunities but also new risks. The main one is decreased customer ability to directly control the security of information and systems, because administration responsibility passes to providers. This thesis focuses on cloud services auditing from the small and medium enterprises perspective. In introduction, this work defines information system audit terminology, characterizes cloud services and analyzes international legislation. Standardization organizations, published standards and methodologies that are widely respected in IT field are introduced. For the trust mediation in the cloud are important independent third-party audits and organizations specializing in the examination and control of cloud providers. The assumptions list is assembled on this basis to support screening process and to check, whether enterprise, service providers and services are ready for creating efficient and safe cloud system. The assumptions are applied to selected cloud service providers.
22
Maddineni, Venkata Sravan Kumar, and Shivashanker Ragi. "Security Techniques for protecting data in Cloud Computing." Thesis, Blekinge Tekniska Högskola, Sektionen för datavetenskap och kommunikation, 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-3430.
Full textAbstract:
Context: From the past few years, there has been a rapid progress in Cloud Computing. With the increasing number of companies resorting to use resources in the Cloud, there is a necessity for protecting the data of various users using centralized resources. Some major challenges that are being faced by Cloud Computing are to secure, protect and process the data which is the property of the user. Aims and Objectives: The main aim of this research is to understand the security threats and identify the appropriate security techniques used to mitigate them in Cloud Computing. The main objectives of this research are: • To understand the security issues and the techniques used in the current world of Cloud Computing. • To identify the security challenges, those are expected in the future of Cloud Computing. • To suggest counter measures for the future challenges to be faced in Cloud Computing. Research Methodology: In this study, we have used two research methods. • Systematic Literature Review. • Survey and interviews with various security experts working on Cloud Computing. Result: As a result, we have identified the total of 43 security challenges and 43 security techniques. The most measured attribute is confidentiality (31%) followed by integrity (24%) and availability (19%). The impact of identified mitigation techniques is mainly on security (30%), followed by performance (22%) and efficiency (17%). Also we have identified 17 future challenges and 8 mitigation practices. Conclusion: The identification of security challenges and mitigation techniques in large number of services of Cloud Computing is a very challenging task. In the process of identification from research methods (SLR and Survey), we had identified a satisfactory number of challenges and mitigation techniques which are being used at present and also in future Cloud Computing.
23
He, Yijun, and 何毅俊. "Protecting security in cloud and distributed environments." Thesis, The University of Hong Kong (Pokfulam, Hong Kong), 2012. http://hub.hku.hk/bib/B49617631.
Full textAbstract:
Encryption helps to ensure that information within a session is not compromised. Authentication and access control measures ensure legitimate and appropriate access to information, and prevent inappropriate access to such resources. While encryption, authentication and access control each has its own responsibility in securing a communication session, a combination of these three mechanisms can provide much better protection for information.
This thesis addresses encryption, authentication and access control related problems in cloud and distributed environments, since these problems are very common in modern organization environment. The first one is a User-friendly Location-free Encryption System for Mobile Users (UFLE). It is an encryption and authentication system which provides maximum security to sensitive data in distributed environment: corporate, home and outdoors scenarios, but requires minimum user effort (i.e. no biometric entry, or possession of cryptographic tokens) to access the data. It makes users securely and easily access data any time and any place, as well as avoids data breach due to stolen/lost laptops and USB flash. The multi-factor authentication protocol provided in this scheme is also applicable to cloud storage.
The second one is a Simple Privacy-Preserving Identity-Management for Cloud Environment (SPICE). It is the first digital identity management system that can satisfy “unlinkability”and “delegatable authentication” in addition to other desirable properties in cloud environment. Unlinkability ensures that none of the cloud service providers (CSPs), even if they collude, can link the transactions of the same user. On the other hand, delegatable authentication is unique to the cloud platform, in which several CSPs may join together to provide a packaged service, with one of them being the source provider which interacts with the clients and performs authentication, while the others are receiving CSPs which will be transparent to the clients. The authentication should be delegatable such that the receiving CSP can authenticate a user without a direct communication with either the user or the registrar, and without fully trusting the source CSP.
The third one addresses re-encryption based access control issue in cloud and distributed storage. We propose the first non-transferable proxy re-encryption scheme [16] which successfully achieves the non-transferable property. Proxy re-encryption allows a third-party (the proxy) to re-encrypt a ciphertext which has been encrypted for one party without seeing the underlying plaintext so that it can be decrypted by another. A proxy re-encryption scheme is said to be non-transferable if the proxy and a set of colluding delegatees cannot re-delegate decryption rights to other parties. The scheme can be utilized for a content owner to delegate content decryption rights to users in the untrusted cloud storage. The advantages of using such scheme are: decryption keys are managed by the content owner, and plaintext is always hidden from cloud provider.published_or_final_version
Computer Science
Doctoral
Doctor of Philosophy
24
Mahboubi, Sakina. "Préservation de la confidentialité des données externalisées dans le traitement des requêtes top-k." Thesis, Montpellier, 2018. http://www.theses.fr/2018MONTS026/document.
Full textAbstract:
L’externalisation de données d’entreprise ou individuelles chez un fournisseur de cloud, par exemple avec l’approche Database-as-a-Service, est pratique et rentable. Mais elle introduit un problème majeur: comment préserver la confidentialité des données externalisées, tout en prenant en charge les requêtes expressives des utilisateurs. Une solution simple consiste à crypter les données avant leur externalisation. Ensuite, pour répondre à une requête, le client utilisateur peut récupérer les données cryptées du cloud, les décrypter et évaluer la requête sur des données en texte clair (non cryptées). Cette solution n’est pas pratique, car elle ne tire pas parti de la puissance de calcul fournie par le cloud pour évaluer les requêtes.Dans cette thèse, nous considérons un type important de requêtes, les requêtes top-k, et le problème du traitement des requêtes top-k sur des données cryptées dans le cloud, tout en préservant la vie privée. Une requête top-k permet à l’utilisateur de spécifier un nombre k de tuples les plus pertinents pour répondre à la requête. Le degré de pertinence des tuples par rapport à la requête est déterminé par une fonction de notation.Nous proposons d’abord un système complet, appelé BuckTop, qui est capable d’évaluer efficacement les requêtes top-k sur des données cryptées, sans avoir à les décrypter dans le cloud. BuckTop inclut un algorithme de traitement des requêtes top-k qui fonctionne sur les données cryptées, stockées dans un nœud du cloud, et retourne un ensemble qui contient les données cryptées correspondant aux résultats top-k. Il est aidé par un algorithme de filtrage efficace qui est exécuté dans le cloud sur les données chiffrées et supprime la plupart des faux positifs inclus dans l’ensemble renvoyé. Lorsque les données externalisées sont volumineuses, elles sont généralement partitionnées sur plusieurs nœuds dans un système distribué. Pour ce cas, nous proposons deux nouveaux systèmes, appelés SDB-TOPK et SD-TOPK, qui permettent d’évaluer les requêtes top-k sur des données distribuées cryptées sans avoir à les décrypter sur les nœuds où elles sont stockées. De plus, SDB-TOPK et SD-TOPK ont un puissant algorithme de filtrage qui filtre les faux positifs autant que possible dans les nœuds et renvoie un petit ensemble de données cryptées qui seront décryptées du côté utilisateur. Nous analysons la sécurité de notre système et proposons des stratégies efficaces pour la mettre en œuvre.Nous avons validé nos solutions par l’implémentation de BuckTop, SDB-TOPK et SD-TOPK, et les avons comparé à des approches de base par rapport à des données synthétiques et réelles. Les résultats montrent un excellent temps de réponse par rapport aux approches de base. Ils montrent également l’efficacité de notre algorithme de filtrage qui élimine presque tous les faux positifs. De plus, nos systèmes permettent d’obtenir une réduction significative des coûts de communication entre les nœuds du système distribué lors du calcul du résultat de la requêteOutsourcing corporate or individual data at a cloud provider, e.g. using Database-as-a-Service, is practical and cost-effective. But it introduces a major problem: how to preserve the privacy of the outsourced data, while supporting powerful user queries. A simple solution is to encrypt the data before it is outsourced. Then, to answer a query, the user client can retrieve the encrypted data from the cloud, decrypt it, and evaluate the query over plaintext (non encrypted) data. This solution is not practical, as it does not take advantage of the computing power provided by the cloud for evaluating queries.In this thesis, we consider an important kind of queries, top-k queries,and address the problem of privacy-preserving top-k query processing over encrypted data in the cloud.A top-k query allows the user to specify a number k, and the system returns the k tuples which are most relevant to the query. The relevance degree of tuples to the query is determined by a scoring function.We first propose a complete system, called BuckTop, that is able to efficiently evaluate top-k queries over encrypted data, without having to decrypt it in the cloud. BuckTop includes a top-k query processing algorithm that works on the encrypted data, stored at one cloud node,and returns a set that is proved to contain the encrypted data corresponding to the top-k results. It also comes with an efficient filtering algorithm that is executed in the cloud on encypted data and removes most of the false positives included in the set returned.When the outsourced data is big, it is typically partitioned over multiple nodes in a distributed system. For this case, we propose two new systems, called SDB-TOPK and SD-TOPK, that can evaluate top-k queries over encrypted distributed data without having to decrypt at the nodes where they are stored. In addition, SDB-TOPK and SD-TOPK have a powerful filtering algorithm that filters the false positives as much as possible in the nodes, and returns a small set of encrypted data that will be decrypted in the user side. We analyze the security of our system, and propose efficient strategies to enforce it.We validated our solutions through implementation of BuckTop , SDB-TOPK and SD-TOPK, and compared them to baseline approaches over synthetic and real databases. The results show excellent response time compared to baseline approaches. They also show the efficiency of our filtering algorithm that eliminates almost all false positives. Furthermore, our systems yieldsignificant reduction in communication cost between the distributed system nodes when computing the query result
25
Lalanne, Vincent. "Gestion des risques appliquée aux systèmes d’information distribués." Thesis, Pau, 2013. http://www.theses.fr/2013PAUU3052/document.
Full textAbstract:
Dans cette thèse nous abordons la gestion des risques appliquée aux systèmes d’information distribués. Nous traitons des problèmes d’interopérabilité et de sécurisation des échanges dans les systèmes DRM et nous proposons la mise en place de ce système pour l’entreprise: il doit nous permettre de distribuer des contenus auto-protégés. Ensuite nous présentons la participation à la création d’une entreprise innovante qui met en avant la sécurité de l’information, avec en particulier la gestion des risques au travers de la norme ISO/IEC 27005:2011. Nous présentons les risques liés à l’utilisation de services avec un accent tout particulier sur les risques autres que les risques technologiques; nous abordons les risques inhérents au cloud (défaillance d’un provider, etc...) mais également les aspects plus sournois d’espionnage et d’intrusion dans les données personnelles (Affaire PRISM en juin 2013). Dans la dernière partie nous présentons un concept de DRM d’Entreprise qui utilise les métadonnées pour déployer des contextes dans les modèles de contrôle d’usage. Nous proposons une ébauche de formalisation des métadonnées nécessaires à la mise en œuvre de la politique de sécurité et nous garantissons le respect de la réglementation et de la loi en vigueurIn this thesis we discuss the application of risk management to distributed information systems. We handle problems of interoperability and securisation of the exchanges within DRM systems and we propose the implementation of this system for the company: it needs to permit the distribution of self-protected contents. We then present the (our) participation in the creation of an innovative company which emphasizes on the security of information, in particular the management of risks through the ISO/IEC 27005:2011 standard. We present risks related to the use of services, highlighting in particular the ones which are not technological: we approach inheritent risks in clouds (provider failure, etc ...) but also the more insidious aspects of espionage and intrusion in personal data (Case PRISM in June 2013). In the last section, we present a concept of a DRM company which uses metadata to deploy settings in usage control models. We propose a draft formalization of metadata necessary for the implementation of a security policy and guarantee respect of regulations and legislation
26
"Data Protection over Cloud." Master's thesis, 2016. http://hdl.handle.net/2286/R.I.38668.
Full textAbstract:
abstract: Data protection has long been a point of contention and a vastly researched field. With the advent of technology and advances in Internet technologies, securing data has become much more challenging these days. Cloud services have become very popular. Given the ease of access and availability of the systems, it is not easy to not use cloud to store data. This however, pose a significant risk to data security as more of your data is available to a third party. Given the easy transmission and almost infinite storage of data, securing one's sensitive information has become a major challenge.
Cloud service providers may not be trusted completely with your data. It is not very uncommon to snoop over the data for finding interesting patterns to generate ad revenue or divulge your information to a third party, e.g. government and law enforcing agencies. For enterprises who use cloud service, it pose a risk for their intellectual property and business secrets. With more and more employees using cloud for their day to day work, business now face a risk of losing or leaking out information.
In this thesis, I have focused on ways to protect data and information over cloud- a third party not authorized to use your data, all this while still utilizing cloud services for transfer and availability of data. This research proposes an alternative to an on-premise secure infrastructure giving exibility to user for protecting the data and control over it. The project uses cryptography to protect data and create a secure architecture for secret key migration in order to decrypt the data securely for the intended recipient. It utilizes Intel's technology which gives it an added advantage over other existing solutions.Dissertation/Thesis
Masters Thesis Computer Science 2016
27
HSU, MING-WEI, and 許銘瑋. "Cloud Services and Personal Data Protection." Thesis, 2017. http://ndltd.ncl.edu.tw/handle/nd6344.
Full textAbstract:
碩士東吳大學
法律學系
105
With the progress of science and technology as well as the popularity of the Internet, in recent years, cloud services emerge. Cloud service means individuals store his personal resources in the remote data center managed and operated by others, and through the Internet the resources in the cloud can be accessed. While cloud computing allows its users to easily access to their information at anytime and anywhere, as long as there is internet connect, thus technology like this brings serious data security and privacy concerns. This article first introduces the concepts of cloud services, including features, architecture, service patterns, key technologies and challenges. Second, the discussion of the relevant personal data protection law related issues is revealed: from the personal data protection point of view, cloud service requires the study of legal relations among cloud computing providers, cloud service users, and data subjects. The information stored in the cloud can be divided into personal data and non-personal data. Personal data is applicable to personal data protection law; non-personal information part discussed in this article, is mainly to explore the criminal law protection for the digital data. In addition, since relevant parties may not know where personal data is located at any particular time, it is also worth considering whether this characteristic may cause adverse impact on data protection. Thus this paper aims to comprehensively review the related issues based on the newly enacted Personal Data Protection Act, and to provide suggestions for further discussion in the field.
28
Silva, Paulo Miguel Guimarães da. "Data Privacy Protection for the Cloud." Master's thesis, 2016. http://hdl.handle.net/10316/93238.
Full textAbstract:
Dissertação de Mestrado em Engenharia Informática apresentada à Faculdade de Ciências e Tecnologia da Universidade de Coimbra.Privacy is for a long time a concern when data is being discussed. Nowadays, with an increasing amount of personal and confidential data being transmitted and stored online, data curators have to assure certain guarantees of data protection and privacy. This Master Dissertation presents a background of anonymization and concealing techniques. Their characteristics and capabilities are described, as well as tools to implement and evaluate anonymization and concealing. The evaluation of the applicability of the DNA-inspired concealing algorithm is the main objective of this work. Usually, various metrics are used to measure aspects like risk or utility of the anonymized data. This work presents a new approach of evaluating how well concealed is the data. By using the Cosine Similarity as a measure of similarity between the private and concealed data, this metric proves its worthiness not only in information retrieval or text mining applications but also in the analysis of concealed or anonymized files. Nowadays there is a continuously growing demand for Cloud services and storage. The evaluation in the Master Dissertation is directed to find how suitable is the application of the DNA-inspired concealing algorithm over the data being stored or transmitted in the Cloud. The evaluation is made by analyzing the concealing results as well as the performance of the algorithm itself. The application of the algorithm is made over various texts and audio files with different characteristics, like size or contents. However, both file types are unstructured data. Which is an advantage for being accepted as an input by the algorithm. Unlike many anonymization algorithms which demand structured data. With the final results and analysis, it will be possible to determine the applicability and performance of the referred algorithm for a possible integration with the Cloud.
29
Chen, Wei-Hsiu, and 陳緯修. "Study of Data Protection in Cloud Environment." Thesis, 2014. http://ndltd.ncl.edu.tw/handle/84273503855778390740.
Full textAbstract:
博士國防大學理工學院
國防科學研究所
102
Since 2009, the amount of digital data being produced has doubled every year. Cloud computing and storage services are economical approach to deal with such volumes of data, but it has security and privacy issues. Those massive data gathered by social networks and information-sensing mobile devices we called big data. The analysis of big data has potential benefit that attracts the attention of many companies. Full data encryption is able to ensure privacy. However, this approach makes it difficult to analyze the data in an efficient manner. Data analysis in a cloud environment requires a balance between data security and data analysis capacity. This study proposes a high-efficiency privacy-preservation scheme for data distribution in hybrid clouds to improve data security and utilization. The proposed scheme has two major phases: data risk classification and selective data protection. Data risk classification roughly divides data into two categories: high and low risks. Data are then stored separately in a hybrid cloud according to its risk level. In the selective protection phase, data anonymity and symmetric encryption in data attribution are used to ensure data safety and encryption efficiency. Data anonymity removes private information from data fields, which enables the storage of partial vague information in public clouds. Symmetric encryption encrypts only the content of sensitive fields rather than entire fields of data. The proposed scheme presents an excellent balance between data security and utilization. Results of functional analysis and comparison revealed that the proposed scheme reduces the time required for encryption and decryption and decreases the number of privacy content while allowing data mining without compromising privacy. Comparing with all traditional encryption methods, the proposed scheme is more suitable for hybrid cloud environment.
30
"Practical data integrity protection in network-coded cloud storage." 2012. http://library.cuhk.edu.hk/record=b5549172.
Full textAbstract:
近年雲存儲發展迅速,它具彈性的收費模式還有使用上的便利性吸引了不少用家把它當作一個備份的平台,如何保障雲端上資料的完整性也就成了一項重要的課題。我們試著探討如何能有效地在客戶端檢查雲端上資料的完整性,並且在探測到雲存儲節點故障以後如何有效地進行修復。抹除碼(Erasure codes)透過產生冗餘,令編碼過後的資料能允許一定程度的缺片。雲端使用者可以利用抹除碼把檔案分散到不同的雲節點,即使其中一些節點壞了用戶還是能透過解碼餘下的資料來得出原檔。我們的研究是基於一種叫再造編碼(Regenerating code)的新興抹除碼。再造編碼借用了網絡編碼(Network coding)的概念,使得在修復錯誤節點的時候並不需要把完整的原檔先重構一遍,相比起一些傳統的抹除碼(如里德所羅門碼Reed-Solomoncode)能減少修復節點時需要下載的資料量。其中我們在FMSR這門再造編碼上實現了一個能有效檢測錯誤的系統FMSR-DIP。FMSR-DIP的好處是在檢測的時候只需要下載一小部份的資料,而且不要求節點有任何的編碼能力,可以直接對應現今的雲存儲。為了驗證我們系統的實用性,我們在雲存儲的測試平台上運行了一系列的測試。To protect outsourced data in cloud storage against corruptions, enabling integrity protection, fault tolerance, and efficient recovery for cloud storage becomes critical. To enable fault tolerance from a client-side perspective, users can encode their data with an erasure code and stripe the encoded data across different cloud storage nodes. We base our work on regenerating codes, a recently proposed type of erasure code that borrows the concept of network coding and requires less repair traffic than traditional erasure codes during failure recovery. We study the problem of remotely checking the integrity of regenerating-coded data against corruptions under a real-life cloud storage setting. Specifically, we design a practical data integrity protection (DIP) scheme for a specific regenerating code, while preserving the intrinsic properties of fault tolerance and repair traffic saving. Our DIP scheme is designed under the Byzantine adversarial model, and enables a client to feasibly verify the integrity of random subsets of outsourced data against general or malicious corruptions. It works under the simple assumption of thin-cloud storage and allows different parameters to be fine-tuned for the performance-security trade-off. We implement and evaluate the overhead of our DIP scheme in a cloud storage testbed under different parameter choices. We demonstrate that remote integrity checking can be feasibly integrated into regenerating codes in practical deployment.
Detailed summary in vernacular field only.
Chen, Chuk Hin Henry.
Thesis (M.Phil.)--Chinese University of Hong Kong, 2012.
Includes bibliographical references (leaves 38-41).
Abstracts also in Chinese.
Chapter 1 --- Introduction --- p.1
Chapter 2 --- Preliminaries --- p.4
Chapter 2.1 --- FMSR Implementation --- p.4
Chapter 2.2 --- Threat Model --- p.6
Chapter 2.3 --- Cryptographic Primitives --- p.7
Chapter 3 --- Design --- p.8
Chapter 3.1 --- Design Goals --- p.8
Chapter 3.2 --- Notation --- p.9
Chapter 3.3 --- Overview of FMSR-DIP --- p.11
Chapter 3.4 --- Basic Operations --- p.11
Chapter 3.4.1 --- Upload operation --- p.11
Chapter 3.4.2 --- Check operation --- p.13
Chapter 3.4.3 --- Download operation --- p.15
Chapter 3.4.4 --- Repair operation --- p.16
Chapter 4 --- Implementation --- p.17
Chapter 4.1 --- Integration of DIP into NCCloud --- p.17
Chapter 4.2 --- Instantiating Cryptographic Primitives --- p.18
Chapter 4.3 --- Trade-off Parameters --- p.19
Chapter 5 --- Security Analysis --- p.22
Chapter 5.1 --- Uses of Security Primitives --- p.22
Chapter 5.2 --- Security Guarantees --- p.23
Chapter 5.2.1 --- Corrupting an AECC Stripe --- p.23
Chapter 5.2.2 --- Picking Corrupted Bytes for Checking --- p.25
Chapter 5.2.3 --- Putting It All Together --- p.26
Chapter 6 --- Evaluations --- p.27
Chapter 6.1 --- Running Time Analysis --- p.27
Chapter 6.2 --- Monetary Cost Analysis --- p.30
Chapter 6.3 --- Summary --- p.33
Chapter 7 --- Related Work --- p.34
Chapter 8 --- Conclusions --- p.37
Bibliography --- p.38
31
Chen, Chang Shian, and 陳昶憲. "A Design of Data Privacy Protection Mechanism for Cloud Computing." Thesis, 2012. http://ndltd.ncl.edu.tw/handle/64407933904437715500.
Full textAbstract:
碩士長庚大學
資訊管理學系
100
Today the cloud computing provides many Internet services which are easily to obtain. Cloud computing brings many advantages, and the development of cloud computing is very popular. Before organizations agree to adopt cloud computing technology, the cloud security is the major consideration factor, especially for the protection of data stored in the cloud environment. Therefore, this study proposes a data privacy protection mechanism for cloud computing environment. The proposed protection mechanism can protect the data stored in the cloud to avoid unauthorized disclosure by third party. It can also completely protect the data while processing. The proposed protection mechanism uses the concept called mobile agent to communicate between different service providers’ servers. It will not only protect the security and privacy of the plaintext data, but also ensure the confidentiality and integrity. Furthermore, for the data privacy protection, this study covers the data’s whole lifecycle from creating to destruction.
32
PAN, CHIH-CHENG, and 潘志成. "Research to Establish Personal Data Protection in the Cloud Computing Services." Thesis, 2014. http://ndltd.ncl.edu.tw/handle/30012948778680825573.
Full textAbstract:
碩士中國科技大學
資訊科技應用研究所碩士在職專班
102
Cloud computing services have mushroomed in recent years, in large numbers, like another wave of industrial revolution, people could completely change the lifestyle and habits. However, the providers of these cloud computing services, the security issues and the protection of personal data, but it is and has been criticized by people worried about the place, which also promote cloud computing services directly into the barriers. Therefore, how to enhance people's sense of trust in cloud computing services for data protection, are extremely important and must be solved. In this paper, we make a risk management for the cloud computing and discuss the risk management mechanisms for the cloud computing industry with the Freeman’s stakeholder theory.
33
Liu, Jen-Shuo, and 劉人碩. "Research of Personal Data Privacy Protection on Cloud Environment Management System." Thesis, 2014. http://ndltd.ncl.edu.tw/handle/96092689568846152213.
Full textAbstract:
碩士健行科技大學
資訊工程系碩士班
102
Cloud computing techniques are giving many convenient to users; it changed the way of data process. Many users not only saving their data in local or USB drive, but also upload to the cloud template. It is because of the cloud templates not only having enough memory space, but also they provide user high-performance computing ability. With the develop of the cloud service application like social software, transfer platform, online shopping, stock trading are all included in their services. When the users are enjoying the convenient of cloud computing, their security of personal data is under threat. Recently the develop of security of cloud data is not so perfect, because the developers are more emphasis on infrastructure and service. Our propose is based on privacy policy to discuss data life cycle management in the environment of cloud. We designed a system that conform to Privacy Protection Act, this system will discuss the life cycle (from it created till it deleted), we will also provide the every level of threat and the protection method, to enhanced the data security in cloud computing services.
34
Lin, Kuan-yow, and 林冠佑. "Legal Study on Information Security Harmonizationfor Data Protection and Cloud Computing." Thesis, 2011. http://ndltd.ncl.edu.tw/handle/88776505810956561611.
Full textAbstract:
碩士東吳大學
法律學系
99
The thriving on computers and the Internet has brought tremendous changes on our daily lives as well as business models. Various services of the Internet have successfully enabled people to do everything online- surf the news, check the weather forecast, follow the index of stock markets, collecting information, wire money, contact people with email and other interactive multimedia, twit and plurk, blog thoughts and photos, post videos on Youtube and Yahoo!, plan a trip with Google map, upload massive files to Google Docs and Dropbox, set up a website on Amazon’s leasing server and so on, not to mention other services offered by hundreds of thousands of websites. In fact, nowadays one can easily assume that every step of our lives—from birth to death is closely related to computers and the Internet. Along with the evolution of the technologies of computers and the Internet, the increase on bandwidth and the expansion of mobile communications, people can access the Internet to process different dealings on the go, thus provoking a rapid evolution and development of cloud computing. The speedy growth of cloud computing has not only brought enormous impact on the cost, sale and operation of related industries, but also advanced the already close connection between the Internet and our daily lives, which promotes the cloud computing services of the ISPs and enhance the more beneficial utilization of the resources of the Internet. With the evolution of cloud computing, more and more magnetic data, such as personal information, trade secrets, music, video, pictures and other copyrighted material, etc., would be stored and processed in the cloud service provider's computer servers. Therefore, it can be predicted that more and more network services would requires users to provide personal information, and even Internet service providers would collect person information through the service they offer the users. These collections are supposed to be regulated in respective jurisdictional area. However, when considering the nature of cross-border of the Internet, one would reasonably doubt whether the regulations would work out. Meanwhile, malwares such as website Trojan and spams through social technologies can bring vital harms to the security of the Internet. Apparently, cybercrimes would be one of the most serious crimes and the coming future. On one hand, the growth of cloud computer will boost the function and utility of the website to a whole new stage; on the other hand, it will also realize the actual harm to the security of Internet database. Hence, the response of ISPs to the characteristic of the storage and protection of the magnetic records on cloud computing would be very important. As to governmental agencies, although new regulations on cloud computing are rapidly issued or amended all over the world, how can the rules be best adapted and applied to the real world would be essential too. The thesis attempts to start with the technology of cloud computing, and then draw out the possible harms to data security under the structure of computer, the Internet and could computing. Then it will discuss the related regulations on data security of cloud computing in Taiwan and other countries, and ends with the suggestion of the application of the regulations from the perspective of the ISPs, users and governmental agencies.
35
Silva, Paulo Miguel Guimarães da. "CONTRIBUTIONS TO PERSONAL DATA PROTECTION AND PRIVACY PRESERVATION IN CLOUD ENVIRONMENTS." Master's thesis, 2020. http://hdl.handle.net/10316/95054.
Full text
36
Silva, Paulo Miguel Guimarães da. "Contributions to Personal Data Protection and Privacy Preservation in Cloud Environments." Doctoral thesis, 2021. http://hdl.handle.net/10316/95291.
Full textAbstract:
Tese no âmbito do Programa de Doutoramento em Ciências e Tecnologias da Informação, apresentada ao Departamento de Engenharia Informática da Faculdade de Ciências e Tecnologia da Universidade de Coimbra.Personal data is currently being used in countless applications in a vast number of areas. Despite national and international legislation, the fact is that individuals still have little to no control over who uses their data and for what purposes. As regulations vary from region to region, data is often stored and processed in multiple locations by multiple data processors. Moreover, the security concerns of a system are sometimes addressed individually or in an ad-hoc manner, which may result in inadequate solutions. In the end, data protection and privacy assurances are still, in many cases, only a theoretical possibility. As such, it is necessary to propose mechanisms that maximise data protection and provide increased privacy assurances. A strategy to ensure appropriate levels of security and privacy is mandatory. In this work, it was possible to design, develop and evaluate mechanisms that fill the issues mentioned above. One of the pillars of this strategy is the inclusion of Authentication, Authorisation and Accounting (AAA) solutions that securely control access to individuals' data. The other pillar relies on the usage of intelligent, automated, and non-intrusive mechanisms that monitor and control personal data to increase privacy assurances. To fulfil such strategy, the development of a cloud-based AAA solution was the very first step to control individuals' access to data. The proposed solution is composed of a reverse proxy, a custom web application and a NoSQL database. The mechanisms proposed in this thesis recur to Natural Language Processing (NLP), Named Entity Recognition (NER) and Machine Learning (ML) algorithms in a hybrid approach. A series of NER models capable of identifying personal information are also trained with algorithms such as Multi-Layer Perceptron (MLP) and Random Forests (RF), using only publicly available datasets as a source of training and validation data. The mechanisms proposed in this work comply with existing regulations and are designed under appropriate cloud-based deployment and life cycle management strategies. Moreover, this thesis proposes a fuzzy privacy risk model that allows the assessment of privacy risk levels associated with data transactions. The advantages and drawbacks of the proposed mechanisms were evaluated in pilot use cases in the scope of two international projects: H2020 EUBra-BIGSEA and H2020 PoSeID-on. The evaluation conducted on both technical and user-centred scenarios indicates that the proposed mechanisms have high data classifying accuracy, support large volumes of data with distinct characteristics and to increase individuals' privacy awareness and control.
Os dados pessoais são atualmente utilizados em inúmeras aplicações num grande número de áreas. Apesar da legislação nacional e internacional, o facto é que indivíduos ainda têm pouco ou nenhum controlo sobre quem usa os seus dados pessoais, e para que fins. Como os regulamentos variam de região para região, os dados geralmente são armazenados e processados em vários locais, e por vários processadores de dados. Além disso, as questões de segurança dos sistemas por vezes são tratadas individualmente ou de maneira ad-hoc, o que pode resultar em soluções inadequadas. No final, a proteção de dados e as garantias de privacidade ainda são, em muitos casos, apenas uma possibilidade teórica. Como tal, é necessário propor mecanismos que maximizem a proteção de dados e forneçam maiores garantias de privacidade. Uma estratégia para garantir níveis adequados de segurança e privacidade é obrigatória. Neste trabalho, foi possível projetar, desenvolver e avaliar mecanismos que atendem às questões mencionadas acima. Um dos pilares desta estratégia é a inclusão de soluções de Autenticação, Autorização e Auditabilidade (AAA) que controlam o acesso aos dados pessoais com segurança. O outro pilar depende do uso de mecanismos inteligentes, automatizados e não intrusivos que monitoram e controlam os dados pessoais de modo a aumentar as garantias de privacidade. Para seguir essa estratégia, o primeiro passo foi o desenvolvimento de uma solução AAA baseada na nuvem, que controla o acesso a dados pessoais. A solução proposta é composta por um procurador reverso, uma aplicação web personalizada e uma base de dados NoSQL. Os mecanismos propostos nesta tese recorrem a Processamento de Linguagem Natural (PNL), Reconhecimento de Entidades Mencionadas (REM) e Aprendizagem Automática (AA) de uma forma híbrida. Uma série de modelos REM capazes de identificar informações pessoais também são treinados com algoritmos tais como Perceptron Multicamada (PM) e Florestas de Decisão Aleatórias (FDA), usando apenas conjuntos de dados publicamente disponíveis, como fonte de dados de treino e validação. Os mecanismos propostos neste trabalho estão em conformidade com os regulamentos existentes e são projetados de acordo com uma implementação baseada em nuvem e estratégias de gestão de ciclo de vida apropriadas. Além disso, esta tese propõe um modelo fuzzy de risco de privacidade que permite avaliar os níveis de risco de privacidade associados às transações de dados. As vantagens e desvantagens dos mecanismos propostos foram avaliadas em casos de uso piloto no âmbito de dois projetos internacionais: H2020 EUBra-BIGSEA e H2020 PoSeID-on. A avaliação realizada em cenários técnicos e centrados no usuário indica que os mecanismos propostos têm alta precisão de classificação de dados, suportam grandes volumes de dados com características distintas e aumentam a perceção e o controle da privacidade dos indivíduos.
37
Dang, Thanh Dat. "Protection and efficient management of big health data in cloud environment." Thesis, 2017. http://hdl.handle.net/10453/123215.
Full textAbstract:
University of Technology Sydney. Faculty of Engineering and Information Technology.Healthcare data has become a great concern in the academic world and in industry. The deployment of electronic health records (EHRs) and healthcare-related services on cloud platforms will reduce the cost and complexity of handling and integrating medical records while improving efficiency and accuracy. To make effective use of advanced features such as high availability, reliability, and scalability of Cloud services, EHRs have to be stored in the clouds. By exposing EHRs in an outsourced environment, however, a number of serious issues related to data security and privacy, distribution and processing such as the loss of the controllability, different data formats and sizes, the leakage of sensitive information in processing, sensitive-delay requirements has been naturally raised. Many attempts have been made to address the above concerns, but most of the attempts tackled only some aspects of the problem. Encryption mechanisms can resolve the data security and privacy requirements but introduce intensive computing overheads as well as complexity in key distribution. Data is not guaranteed being protected when it is moved from one cloud to another because clouds may not use equivalent protection schemes. Sensitive data is being processed at only private clouds without sufficient resources. Consequently, Cloud computing has not been widely adopted by healthcare providers and users. Protecting and managing health data efficiently in many aspects is still an open question for current research. In this dissertation, we investigate data security and efficient management of big health data in cloud environments. Regarding data security, we establish an active data protection framework to protect data; we investigate a new approach for data mobility; we propose trusted evaluation for cloud resources in processing sensitive data. For efficient management, we investigate novel schemes and models in both Cloud computing and Fog computing for data distribution and data processing to handle the rapid growth of data, higher security on demand, and delay requirements. The novelty of this work lies in the novel data mobility management model for data protection, the efficient distribution scheme for a large-scale of EHRs, and the trust-based scheme in security and processing. The contributions of this thesis can be summarized according to data security and efficient data management. On data security, we propose a data mobility management model to protect data when it is stored and moved in clouds. We suggest a trust-based scheduling scheme for big data processing with MapReduce to fulfil both privacy and performance issues in a cloud environment. • The data mobility management introduces a new location data structure into an active data framework, a Location Registration Database (LRD), protocols for establishing a clone supervisor and a Mobility Service (MS) to handle security and privacy requirements effectively. The model proposes a novel security approach for data mobility and leads to the introduction of a new Data Mobility as a Service (DMaaS) in the Cloud. • The Trust-based scheduling scheme investigates a novel composite trust metric and a real-time trust evaluation for cloud resources to provide the highest trust execution on sensitive data. The proposed scheme introduces a new approach for big data processing to meet with high security requirements. On the efficient data management, we propose a novel Hash-Based File Clustering (HBFC) scheme and data replication management model to distribute, store and retrieve EHRs efficiently. We propose a data protection model and a task scheduling scheme which is Region-based for Fog and Cloud to address security and local performance issues. • The HBFC scheme innovatively utilizes hash functions to cluster files in defined clusters such that data can be stored and retrieved quickly while maintaining the workload balance efficiently. The scheme introduces a new clustering mechanism in managing a large-scale of EHRs to deliver healthcare services effectively in the cloud environment. • The trust-based scheduling model uses the proposed trust metric for task scheduling with MapReduce. It not only provides maximum trust execution but also increases resource utilization significantly. The model suggests a new trust-oriented scheduling mechanism between tasks and resources with MapReduce. • We introduce a novel concept “Region” in Fog computing to handle the data security and local performance issues effectively. The proposed model provides a novel Fog-based Region approach to handle security and local performance requirements. We implement and evaluate our proposed models and schemes intensively based on both real infrastructures and simulators. The outcomes demonstrate the feasibility and the efficiency of our research in this thesis. By proposing innovative concepts, metrics, algorithms, models, and services, the significant contributions of this thesis enable both healthcare providers and users to adopt cloud services widely, and allow significant improvements in providing better healthcare services.
38
Lin, Yu-Ting, and 林雨葶. "Applying Proxy Re-Encryption to Ciphertext Search in Cloud Data Protection Mechanism." Thesis, 2016. http://ndltd.ncl.edu.tw/handle/39u6r7.
Full textAbstract:
碩士長庚大學
資訊管理學系
104
With the rapid growth of Internet applications and cost continued to decline, there are many large organizations, such as Amazon, IBM and Microsoft, adopted cloud computing technology. These organizations will transfer their internal resources to external Cloud Service Provider (CSP). It does not only greatly reduce the cost of organization expenses, but also have more competitive advantages offered by cloud service environment than traditional server. However, the cloud environment is an open shared location; the traditional protection mechanism may not be suitable for cloud environment. When enterprises decide to outsource the sensitive data from interior server to cloud storage environment, security of data which are stored in the cloud is the most important issue to consider. In order to assure the security of data outsourced to cloud storage, and maintain the cost and competitive advantages simultaneously, this paper proposes a data protection mechanism which is suitable for cloud computing environment. The proposed mechanism is expected to achieve confidentiality and provide ciphertext searchable capability and user revocation. Furthermore, the proposed mechanism adopts Attribute-Based Encryption (ABE) along with Proxy Re-encryption (PRE) scheme to achieve Fine-Grained Access Control.
39
Studihradová, Barbora. "Obecné nařízení o ochraně osobních údajů: výzvy pro cloud." Master's thesis, 2018. http://www.nusl.cz/ntk/nusl-388685.
Full textAbstract:
1 CHARLES UNIVERSITY IN PRAGUE Faculty of Law Barbora Studihradová General Data Protection Regulation: Challenges for the Cloud Master's thesis Master's thesis supervisor: JUDr. Magdaléna Svobodová, Ph.D. Department of European Law Date of completion (manuscript closure): 13 April 2018 2 General Data Protection Regulation: Challenges for the Cloud Abstract This thesis recognizes and analyses some of the fundamental challenges that the General Data Protection Regulation poses for cloud computing. Its aim is to answer the question whether the GDPR can be regarded as cloud friendly. The hypothesis that is proposed and tested is that it cannot be, since it includes concepts and wording that are impractical in cloud computing. This is assessed based on how different cloud computing services function. The thesis therefore lays down foundations of both legal and technical understanding of the data protection in the cloud in the first chapters. The analysis of the challenges then builds on this knowledge. The challenges of the GDPR for the cloud are divided into five groups. Firstly, what is regulated as personal data in the cloud is consider with regard to the concepts of anonymisation, pseudonymisation and encryption. Secondly, controller - processor relationship and their obligations in the complex cloud...
40
Liu, Kuan-Ting, and 劉冠廷. "Legal Issues of Information Security and Personal Data Protection of Cloud Computing Service." Thesis, 2015. http://ndltd.ncl.edu.tw/handle/79178790139062182389.
Full textAbstract:
碩士國立高雄第一科技大學
科技法律研究所
103
In the new world of Cloud computing, Information security is important. That Data theft and Internet crime are biggest threats to Country and Company. Advances in technology will lead to more and more important information security. How the government to protect the rights and interests of enterprise information security equitable people. That problem faced by the Government. Protection of personal data is another focus issue. Up to the constitutional guarantee of the right to privacy of information. Down to the general law to protect people''s personal information, there are also outside of the transmission and to identify issues. And EU have “The right to be forgotten” if enter into Taiwan have problem? These topics are discussed in this article.
41
Wu, Tsung Han, and 吳宗翰. "A Data Protection Mechanism with Fine-Grained Access Control in Cloud Storage Environments." Thesis, 2014. http://ndltd.ncl.edu.tw/handle/39589420663475627315.
Full textAbstract:
碩士長庚大學
資訊管理學系
102
With the advance of information technology, the price of bandwidth is decreasing rapidly. There are more and more organizations moving their computing and storage resources to cloud computing environment to reduce the cost of hardware, software or labors. Although cloud computing brings the advantage of cost, the organizations may still worry about the issues of cloud computing security, especially the confidentiality of sensitive date which were stored in the cloud storage environments. Therefore, this study proposes a data protection mechanism to protect the data stored in the cloud environment. With the proposed mechanism, we can achieve not only the data confidentiality and security of keywords search scheme in encrypted data, but also fine-grained access control with Attribute-Based Encryption (ABE). Furthermore, the computing cost of the proposed mechanism is reasonable.
42
Lu, Pei-chun, and 盧佩君. "The Study of Secure and Efficient Data and Privacy Protection Mechanisms in Cloud Computing." Thesis, 2013. http://ndltd.ncl.edu.tw/handle/27065841577029443387.
Full textAbstract:
碩士國立高雄第一科技大學
資訊管理研究所
101
In cloud computing environments, service providers provide more and more cloud services. Users can use these convenient cloud services in daily life. The major data of the user is maintained by the service providers except that some personal privacy data is stored at the client device. An attacker may try to invade the systems, and it will cause the damage of users and service providers. Also, users may lose their mobile devices and then it may cause the data disclosure problem. As a result, the data and privacy protection of users becomes an important issue in these environments. Besides, since many mobile devices are used in these environments, secure authentication and data protection methods must be efficient in these low resource environments. In this thesis, we propose a scheme that users can verify the valid cloud service servers and the cloud service servers can ensure the legal users. Our proposed method uses the secure encryption/decryption keys and achieves the user authentication using the elliptic curve cryptosystems and the message authentication codes. Since the key delegation center of the third party has the robust security protection, our proposed scheme stores the encryption/decryption keys in the key delegation center of the third party. This approach not only can reduce the storage space of the user devices, but also can recover the encryption/decryption keys in the key delegation center when a user loses her/his devices for solving the device losing problem.
43
Chi, Pei-I., and 紀珮宜. "A comparative study on EU and US data protection laws governing transatlantic data flow services by cloud computing industry." Thesis, 2018. http://ndltd.ncl.edu.tw/handle/hj2x8t.
Full textAbstract:
碩士國立政治大學
國際經營與貿易學系
106
In recent years, Cloud Computing has developed rapidly, and has brought big changes in the management model of enterprises. The fast-growing European market becomes the battlefield that all the American large cloud-computing providers aggressively try to get in. For the cloud computing, transferring data without limit is the essential condition in providing services; however, inevitably, the transferring process involves the issue of personal data and privacy protection. The EU and America hold different opinions over this issue, and the differences are the main barriers that prevent cloud-computing providers from entering the European market. In addition, the EU passed a more stringent rule, the Data Protection Regulation, in 2018, and covered the cloud-computing providers by imposing the obligation of protecting data on the enterprises. As for the transatlantic-data flow, according to the EU law, only the country who has the same level of personal data protection is allowed to transfer the data across the border. In this case, the majority of cloud-computing providers adopt the EU-US Privacy Shield Framework, a cross-border data transfers agreement specifically designed for the transatlantic-data flow by the EU and America, as their key foundation. In view of this, this thesis analyzed the content of EU-US Privacy Shield Framework, and concluded that this agreement requires more obligations for the enterprises, which are handling data, than the previous Safe Harbor Framework agreement, while it also gives the data subject more rights to ensure privacy. Nevertheless, this thesis believes that this agreement is still insufficient to meet the EU’s standard of data privacy protection. Therefore, it is suggested that both parties, the EU and America, should renegotiate the approaches that prevent personal privacy from being compromised by mass surveillance and data collection and provide affected individual with effective legal resorts to remedy damage, with the aim of avoiding the legal risk of EU-US Privacy Shield Framework being determined invalid in the future.
44
Wang, Ching-Hui, and 王瀞慧. "A Discussion on Privacy and Personal Data Protection of Financial Institutions in the Cloud Computing Environment." Thesis, 2013. http://ndltd.ncl.edu.tw/handle/77394136614625342972.
Full textAbstract:
碩士大同大學
資訊經營學系(所)
101
Though the world economy suffered frequently from financial crises, mobile technology finds its applications in every walk of life. Together with cloud computing, it brings innovative ideas to many industries including financial industry. While the industry benefits from this new technological environment, information security becomes a new challenge. In this study, we apply to the method of focus group to explore the opinion of users concerning the use of new technologies of e-banking, e-ATM, and mobile banking. The questionnaire was administered in three steps based on a case of bank, and the following conclusions are drawn: (1)The users worry about the leakage of private data while using the new technologies; (2)The users feel comfortable if the bank provides security mechanisms for transactions while using the new technologies; (3)The users appreciate the notification upon successful/failed transaction by email or short message service (SMS) from the bank while using the new technologies; (4)The users favor the notification of login operation by email or SMS from the bank while using the new technologies; and (5)The users agree that the implementation of international security certification would increase the trust of financial institutions. The results obtained in this study are of reference value for decision-makers. The case company is encouraged to implement these security mechanisms in its transaction management to gain competitive advantages.
45
Agreira, André Eduardo Santos de Caria. "Cloud computing and EU law." Master's thesis, 2021. http://hdl.handle.net/10362/132599.
Full textAbstract:
Dissertation to obtain a Master’s Degree in Law, in the specialty of International and European LawAs of today, one of the main obstacles to the transversal adoption of Cloud Computing by companies across the EU is still the lack of knowledge and the apparent risks associated to this technology; however, the European Commission has once again stressed its importance for the future of the EU. As such, this thesis provides a summary of the socioeconomic relevance of cloud computing, as well as an overview of the fragmented the legal framework applicable to Cloud Service Providers in the EU. This thesis finally examines the adequacy and evolution of the terms of service provided by several cloud service providers, including their enforceability towards EU consumers, as well as the next steps to achieve a more competitive and transparent cloud market.
Actualmente, um dos principais obstáculos à adoção transversal do cloud computing por empresas na UE prende-se com a falta de conhecimento relativamente aos serviços de cloud computing e aos riscos aparentes associados a essa tecnologia; apesar disso, a Comissão Europeia voltou a salientar a importância do cloud computing para o futuro da UE. Como tal, esta tese fornece um resumo da relevância socio-económica do cloud computing, bem como uma visão geral das múltiplas normas jurídicas aplicável aos provedores de serviços de cloud computing na UE. Finalmente, a tese examina a adequação e evolução dos termos de serviço fornecidos por vários provedores de serviços de cloud computing, incluindo sua aplicabilidade em relação aos consumidores da UE, bem como os próximos passos para alcançar um mercado em nuvem mais competitivo e transparente.
46
Ohnišťová, Markéta. "Právní aspekty Cloud computingu. SaaS jako forma cloudových služeb." Master's thesis, 2016. http://www.nusl.cz/ntk/nusl-344084.
Full textAbstract:
The thesis provides legal insight of the Cloud computing with a particular focus on a specific cloud service called software as a service (SaaS). There are discussed all cloud services and distribution models of the cloud infrastructure as well as its legal aspects. The thesis analyses legal requirements of contractual provisions for a provision of the SaaS services. The substantial part deals also with types of licenses, which can be used in relation to the provision of the SaaS services. The practical part of the thesis firstly contains above all the legal framework of data protection and its legal requirements on contractual relation between provider and customer of the cloud Services. Secondly the abovementioned part provides a comparison between contractual provisions related to the processing and protection of data between two contracts, Google Apps for Work and Microsoft Office 365. Keywords Cloud computing, cloud, software as a service (SaaS), data protection, contract
47
WU, HSING-CHEN, and 吳幸珍. "Data Leakage Protection Management for Cloud Campus Networks Using DLP Model - A Case Study on SchoolAffairs Information Systems of Some Junior High School in Hsinchu City." Thesis, 2017. http://ndltd.ncl.edu.tw/handle/9f3y44.
Full textAbstract:
碩士大葉大學
資訊管理學系碩士班
105
Our government has been promoting the information technology and networking in education system on campus in Taiwan to help students receive more multiple and instant education and information. However, it was accompanied by the security problems about confidential data leakage of the staff and students, which is involved with hacking, virus infection, and man-made negligence related to the system operations. The situation is getting worse on cloud campus, particularly in primary and secondary schools. Although some schools try hard to improve the situation, the risks of personal information leakage still exist. This means we must make progress for the field of Data Leakage Protection. The study is for understanding the profiles of data leakage protection in the cloud campus networks, and explores its processes and strategies of the management through the theories and practices of Data Leakage Protection by using the case study. It also offers some suggestions for reference to schools, educational administrative organizations, and future related research.
48
SUNG, HSU-TSE, and 宋旭澤. "Constructing Personal Data Protection Management for Cloud School Affairs Information Systems of a Junior High School - A Case Study on Some Junior High School in Hsinchu City." Thesis, 2016. http://ndltd.ncl.edu.tw/handle/g776e6.
Full textAbstract:
碩士大葉大學
資訊管理學系碩士班
104
Cloud computing is widely used due to its highly efficient computing, highly flexible resource allocation, low information cost, etc. Schools are rushing to embrace it. However, SafeNet survey shows that over 0.375 billion of cloud data were stolen in the first half of 2014. The firm has estimated that by 2018, the theft rate will rise to 29%. This suggests that cloud computing risks are remarkably high. This study is based on the British standard of BS 10012:2009, and further adopts the method of in-depth case study, with P (Plan), D (Do), C (Check) and A (Action) as dimensions for relevant issues. Through this, we could get an understanding of the personal information management status of the cloud student affairs system (CSAS) at a certain junior high school in Hsinchu. Moreover, regarding the personal information protection and management strategy, the following three suggestions are proposed: (1) the personal information protection policy and implementation results of the CSAS; (2) analysis of the response to implementation problems of personal information protection of the CSAS; and (3) highlights of the implementation of personal information protection of the CSAS by schools. Keywords: Privacy, Personal Information Protection, BS 10012, ischool Student Affairs System
49
Patala, Najiyabanu Noormohmed. "Cybersecurity framework for cloud computing adoption in rural based tertiary institutions." Diss., 2018. http://hdl.handle.net/11602/1362.
Full textAbstract:
MCom (Business Information Systems)Department of Business Information Systems
Although technology is being progressively used in supporting student learning and enhancing business processes within tertiary institutions, certain aspects are hindering the decisions of cloud usage. Among many challenges of utilizing cloud computing, cybersecurity has become a primary concern for the adoption. The main aim of the study was to investigate the effect of cloud cyber-security usage at rural based tertiary institutions in order to compare the usage with an urban-based institution and propose a cybersecurity framework for adoption of cloud computing cybersecurity. The research questions focused on determining the drivers for cloud cybersecurity usage; the current adoption issues; how cybersecurity challenges, benefits, and quality affects cloud usage; the adoption perceptions and awareness of key stakeholders and identifying a cloud cybersecurity adoption framework. A quantitative approach was applied with data collected from a simple random sample of students, lecturers, admin and IT staff within the tertiary institutions through structured questionnaires. The results suggested compliance with legal law as a critical driver for cloud cybersecurity adoption. The study also found a lack of physical control of data and harmful activities executed on the internet as challenges hampering the adoption. Prevention of identity fraud and cheaper security costs were identified as benefits of adoption. Respondents found cloud cybersecurity to be accurate and effective, although most of the students and employees have not used it. However, respondents were aware of the value of cybersecurity adoption and perceive for it to be useful and convenient, hence have shown the intention of adopting it. There were no significant elements identified to differentiate the perceptions of usage at rural and urban-based tertiary institutions. The results of the study are to be used for clarifying the cybersecurity aspects of cloud computing and forecasting the suitability cloud cybersecurity within the tertiary institutions. Recommendations were made on how tertiary institutions and management can promote cloud cybersecurity adoption and how students, lecturers, and staff can effectively use cloud cybersecurity.
NRF
50
Khan, Sohail Razi. "MSL Framework: (Minimum Service Level Framework) for cloud providers and users." Doctoral thesis, 2018. http://hdl.handle.net/10284/7120.
Full textAbstract:
Cloud Computing ensures parallel computing and emerged as an efficient technology to meet
the challenges of rapid growth of data that we experienced in this Internet age. Cloud
computing is an emerging technology that offers subscription based services, and provide
different models such as IaaS, PaaS and SaaS among other models to cater the needs of
different user groups. The technology has enormous benefits but there are serious concerns
and challenges related to lack of uniform standards or nonexistence of minimum benchmark
for level of services offered across the industry to provide an effective, uniform and reliable
service to the cloud users. As the cloud computing is gaining popularity, organizations and
users are having problems to adopt the service ue to lack of minimum service level
framework which can act as a benchmark in the selection of the cloud provider and provide
quality of service according to the user’s expectations. The situation becomes more critical
due to distributed nature of the service provider which can be offering service from any part
of the world. Due to lack of minimum service level framework that will act as a benchmark
to provide a uniform service across the industry there are serious concerns raised recently interms
of security and data privacy breaches, authentication and authorization issues, lack of
third party audit and identity management problems, integrity, confidentiality and variable
data availability standards, no uniform incident response and monitoring standards,
interoperability and lack of portability standards, identity management issues, lack of
infrastructure protection services standards and weak governance and compliance standards
are major cause of concerns for cloud users. Due to confusion and absence of universal
agreed SLAs for a service model, different quality of services is being provided across the
cloud industry. Currently there is no uniform performance model agreed by all stakeholders;
which can provide performance criteria to measure, evaluate, and benchmark the level of
services offered by various cloud providers in the industry. With the implementation of
General Data Protection Regulation (GDPR) and demand from cloud users to have Green
SLAs that provides better resource allocations mechanism, there will be serious implications
for the cloud providers and its consumers due to lack of uniformity in SLAs and variable
standards of service offered by various cloud providers. This research examines weaknesses in service level agreements offered by various cloud
providers and impact due to absence of uniform agreed minimum service level framework on
the adoption and usage of cloud service. The research is focused around higher education
case study and proposes a conceptual model based on uniform minimum service model that
acts as benchmark for the industry to ensure quality of service to the cloud users in the higher
education institution and remove the barriers to the adoption of cloud technology. The
proposed Minimum Service Level (MSL) framework, provides a set of minimum and
uniform standards in the key concern areas raised by the participants of HE institution which
are essential to the cloud users and provide a minimum quality benchmark that becomes a
uniform standard across the industry. The proposed model produces a cloud computing
implementation evaluation criteria which is an attempt to reduce the adoption barrier of the
cloud technology and set minimum uniform standards followed by all the cloud providers
regardless of their hosting location so that their performance can be measured, evaluated and
compared across the industry to improve the overall QoS (Quality of Service) received by the
cloud users, remove the adoption barriers and concerns of the cloud users and increase the
competition across the cloud industry.A computação em nuvem proporciona a computação paralela e emergiu como uma tecnologia eficiente para enfrentar os desafios do crescimento rápido de dados que vivemos na era da Internet. A computação em nuvem é uma tecnologia emergente que oferece serviços baseados em assinatura e oferece diferentes modelos como IaaS, PaaS e SaaS, entre outros modelos para atender as necessidades de diferentes grupos de utilizadores. A tecnologia tem enormes benefícios, mas subsistem sérias preocupações e desafios relacionados com a falta de normas uniformes ou inexistência de um referencial mínimo para o nível de serviços oferecidos, na indústria, para proporcionar uma oferta eficaz, uniforme e confiável para os utilizadores da nuvem. Como a computação em nuvem está a ganhar popularidade, tanto organizações como utilizadores estão enfrentando problemas para adotar o serviço devido à falta de enquadramento de nível de serviço mínimo que possa agir como um ponto de referência na seleção de provedor da nuvem e fornecer a qualidade dos serviços de acordo com as expectativas do utilizador. A situação torna-se mais crítica, devido à natureza distribuída do prestador de serviço, que pode ser oriundo de qualquer parte do mundo. Devido à falta de enquadramento de nível de serviço mínimo que irá agir como um benchmark para fornecer um serviço uniforme em toda a indústria, existem sérias preocupações levantadas recentemente em termos de violações de segurança e privacidade de dados, autenticação e autorização, falta de questões de auditoria de terceiros e problemas de gestão de identidade, integridade, confidencialidade e disponibilidade de dados, falta de uniformidade de normas, a não resposta a incidentes e o monitoramento de padrões, a interoperabilidade e a falta de padrões de portabilidade, questões relacionadas com a gestão de identidade, falta de padrões de serviços de proteção das infraestruturas e fraca governança e conformidade de padrões constituem outras importantes causas de preocupação para os utilizadores. Devido à confusão e ausência de SLAs acordados de modo universal para um modelo de serviço, diferente qualidade de serviços está a ser fornecida através da nuvem, pela indústria da computação em nuvem. Atualmente, não há desempenho uniforme nem um modelo acordado por todas as partes interessadas; que pode fornecer critérios de desempenho para medir, avaliar e comparar o nível de serviços oferecidos por diversos fornecedores de computação em nuvem na indústria. Com a implementação do Regulamento Geral de Protecção de Dados (RGPD) e a procura da nuvem com base no impacto ambiental (Green SLAs), são acrescentadas precupações adicionais e existem sérias implicações para os forncedores de computação em nuvem e para os seus consumidores, também devido à falta de uniformidade na multiplicidade de SLAs e padrões de serviço oferecidos. A presente pesquisa examina as fraquezas em acordos de nível de serviço oferecidos por fornecedores de computação em nuvem e estuda o impacto da ausência de um quadro de nível de serviço mínimo acordado sobre a adoção e o uso no contexto da computação em nuvem. A pesquisa está orientada para a adoção destes serviços para o caso do ensino superior e as instituições de ensino superior e propõe um modelo conceptualt com base em um modelo de serviço mínimo uniforme que funciona como referência para a indústria, para garantir a qualidade do serviço para os utilizadores da nuvem numa instituição de ensino superior de forma a eliminar as barreiras para a adoção da tecnologia de computação em nuvem. O nível de serviço mínimo proposto (MSL), fornece um conjunto mínimo de normas uniformes e na áreas das principais preocupações levantadas por responsáveis de instituições de ensino superior e que são essenciais, de modo a fornecer um referencial mínimo de qualidade, que se possa tornar um padrão uniforme em toda a indústria. O modelo proposto é uma tentativa de reduzir a barreira de adoção da tecnologia de computação em nuvem e definir normas mínimas seguidas por todos os fornecedores de computação em nuvem, independentemente do seu local de hospedagem para que os seus desempenhos possam ser medidos, avaliados e comparados em toda a indústria, para melhorar a qualidade de serviço (QoS) recebida pelos utilizadores e remova as barreiras de adoção e as preocupações dos utilizadores, bem como fomentar o aumento da concorrência em toda a indústria da computação em nuvem.